SerNet has built packages and a pre-built Linux appliance that can be used to quickly build a Windows Domain Controller / Active Directory based on samba4 and Debian Squeeze (32-bit). The appliance is a quick way to turn a physical machine into a domain controller, but what about a virtual appliance, specifically a Xen (XCP) virtual appliance?
1. Install the HVM appliance and convert it to PV.
2. Install a PV’ed Debian Squeeze and add the sernet/samba4 packages.
3. Install another PV’ed Linux Distro and re-build the sernet/samba4 packages.
As my goal is to build virtual appliances that are really simple for anyone to install, option (2) is the best approach. I did attempt (1) but found that after the appliance installation, the VM would not boot due to Grub errors (“Welcome to GRUB”, then nothing!) and I was not really interested at the time in finding out why.
Domain Controller Install
Here is the simplest way I have found to install a Samba4 Domain Controller in a Xen XCP virtual machine:
- Install Debian Squeeze 32-bit from the XenCenter template and/or command line.
- Get the samba4.sh script from the angryelectron/automate git repo.
- Make the script executable and run it.
- When prompted, enter information about the new domain
There are two ways to install the samba4.sh script from the command line. Both are run as root:
    apt-get install git
    git clone https://github.com/angryelectron/automate
    cd automate
    chmod +x samba4.sh
    ./samba4.sh
or, if you don’t want to install git:
    wget https://raw.github.com/angryelectron/automate/master/samba4.sh
    chmod +x samba4.sh
    ./samba4.sh
The samba4.sh script downloads the samba4 and sernet appliance packages, installs the required dependencies, then runs the ‘dcpromo.sh’ script included in the appliance package.
Also included in the ‘automate’ repo are simple scripts for changing the hostname and setting up network interfaces.
Domain Controller Management
samba4 domain controllers can be managed from the command line; however, most system administrators are more familiar and comfortable with Windows management tools. To effectively manage a samba4 domain on Windows 7, install the Windows 7 Remote Server Administration Tools. Here is another link showing how to install the tools, including the group policy management snap-in.
In a virtualized environment, a Windows 7 virtual machine can be created just for the purpose of administering the domain. This is quite handy when most of the other machines run Linux.
Password policies can be changed via gpedit.msc on Windows, or really relaxed via the command line of the samba4 box:
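    # Turn off the password complexity requirement
    samba-tool domain passwordsettings set --complexity=off
    # Minimum password age of 0 days: a password can be changed again immediately
    samba-tool domain passwordsettings set --min-pwd-age=0
    # Maximum password age of 0 days: passwords never expire
    samba-tool domain passwordsettings set --max-pwd-age=0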
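To check later whether a domain is still running with the relaxed policy set by the commands above, the output of `samba-tool domain passwordsettings show` can be audited. The script below is an added example, not part of the original post or the automate repo; the function name `audit_pwpolicy` is hypothetical, and the "Label: value" line format of the sample is an assumption about the `show` output.

```sh
#!/bin/sh
# Added example (not from the original post): flag the three settings that the
# commands above relax, reading `samba-tool domain passwordsettings show`
# output on stdin. Assumption: `show` prints "Label: value" lines as below.

# Constructed sample: the values `show` would report after the three
# relaxing commands have been run.
SAMPLE_RELAXED="Password complexity: off
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 0
Maximum password age (days): 0"

# audit_pwpolicy (hypothetical helper): prints one line per relaxed setting,
# each with the samba-tool command that restores the built-in default.
# Exit status is 1 if anything was flagged, 0 if the policy looks intact.
audit_pwpolicy() {
    awk -F': *' '
        function flag(what, opt) {
            printf "%s; restore with: samba-tool domain passwordsettings set --%s=default\n", what, opt
            bad++
        }
        $1 == "Password complexity" && $2 == "off" {
            flag("complexity checks are off", "complexity")
        }
        $1 == "Minimum password age (days)" && $2 + 0 == 0 {
            flag("minimum age is 0, so a password can be changed again immediately", "min-pwd-age")
        }
        $1 == "Maximum password age (days)" && $2 + 0 == 0 {
            flag("maximum age is 0, so passwords never expire", "max-pwd-age")
        }
        END { exit (bad > 0) }
    '
}

# Demo on the constructed sample. On a live domain controller, run as root:
#   samba-tool domain passwordsettings show | audit_pwpolicy
printf '%s\n' "$SAMPLE_RELAXED" | audit_pwpolicy || true
```

A non-zero exit status makes the function usable from cron or a monitoring check without parsing its output.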