How to manage Samba4 Active Directory Infrastructure from Windows 10

In this part of the Samba4 AD DC infrastructure series, we’ll cover how to join a Windows 10 machine to a Samba4 domain and manage the domain from a Windows 10 workstation.

Once a Windows 10 system is connected to the Samba4 AD DC, you can perform essential administrative tasks, such as creating, removing, or disabling domain users and groups. You can also create new Organizational Units, manage domain policies, and administer the Samba4 domain’s DNS service.

All these tasks, along with more advanced domain administration, can be easily handled from any modern Windows platform using RSAT—Microsoft’s Remote Server Administration Tools.

Configure Domain Time Synchronization

Before managing a Samba4 Active Directory Domain Controller (ADDC) from Windows 10 using RSAT tools, it’s crucial to ensure accurate time synchronization.

Active Directory relies on precise timekeeping, typically provided by the NTP (Network Time Protocol) daemon in most Linux distributions. By default, AD allows a maximum time drift of about 5 minutes. If the time difference exceeds this limit, you may encounter various issues, such as authentication failures, problems with joined machines, or difficulties accessing shared resources.

To prevent these issues, you need to install the NTP daemon and the NTP client utility on your Ubuntu system.

# apt-get install ntp ntpdate

Next, open the NTP configuration file and update the list of NTP servers. First, comment out the default NTP pool servers by adding a # at the beginning of each pool line. Then, replace them with a new list of NTP servers that are geographically closer to your physical location. Use the format shown below when adding the new servers.

# vim /etc/ntpsec/ntp.conf

pool 0.ro.pool.ntp.org iburst
pool 1.ro.pool.ntp.org iburst
pool 2.ro.pool.ntp.org iburst

# Fourth pool server, used as a fallback.
pool 3.ro.pool.ntp.org

Don’t close the file yet. Move to the top of the file and add the following line right after the driftfile statement. This configuration allows clients to query the server using AD-signed NTP requests.

# vim /etc/ntpsec/ntp.conf
ntpsigndsocket /var/lib/samba/ntp_signd/

Finally, scroll to the bottom of the file and add the following line. It sets the default restrictions for network clients: they may query the server for the time, but may not modify its runtime configuration, register traps, or form peer associations, and the mssntp flag enables signed MS-SNTP responses for Windows domain members.

# vim /etc/ntpsec/ntp.conf

restrict default kod nomodify notrap nopeer mssntp

After finishing the NTP configuration, save and close the file. Then, grant the necessary permissions to the NTP service so it can access the ntp_signd directory, where the Samba NTP socket is located.

Next, restart the NTP daemon to apply the changes. Finally, check your system’s network table to verify that NTP has open sockets.

# chown root:ntpsec /var/lib/samba/ntp_signd/
# chmod 750 /var/lib/samba/ntp_signd/
# systemctl restart ntp
# netstat -tunlp | grep ntp

Use the ntpq command-line utility with the -p flag to monitor the NTP daemon and display a summary of the peers’ status.

# ntpq -p
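As an added check that is not part of the original article, the following POSIX shell script parses `ntpq -p` output (a constructed sample is embedded so it runs offline) and reports whether the selected peer's offset stays inside the 5-minute drift limit Active Directory tolerates. The `check_live` helper and the sample peer names and offsets are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that the peer ntpq
# marks as selected ('*') has an offset within AD's 5-minute tolerance.

AD_MAX_DRIFT_MS=300000   # 5 minutes expressed in milliseconds

# Constructed sample of `ntpq -p` output; columns follow the real tool:
# remote refid st t when poll reach delay offset jitter (offset in ms).
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.ro 10.0.0.1         2 u   45   64  377    1.234  -12.456   0.123
+ntp2.example.ro 10.0.0.2         2 u   30   64  377    2.345    0.789   0.456'

# selected_offset_ms: print the offset (ms) of the '*' peer, or nothing if
# ntpq has not selected any peer (the daemon is not synchronised).
selected_offset_ms() {
    printf '%s\n' "$1" | awk '/^\*/ { print $9 }'
}

# drift_ok: return 0 when |offset| of the selected peer is below the AD limit,
# 1 when it exceeds the limit, 2 when no peer is selected at all.
drift_ok() {
    offset=$(selected_offset_ms "$1")
    [ -n "$offset" ] || return 2
    printf '%s\n' "$offset" | awk -v max="$AD_MAX_DRIFT_MS" '
        { o = ($1 < 0) ? -$1 : $1; if (o < max) exit 0; exit 1 }'
}

# check_live: same test against the running daemon (assumed helper name).
check_live() {
    drift_ok "$(ntpq -pn)"
}
```

A return code of 2 means ntpq shows no `*` peer, which is the state to investigate first, since an unsynchronised DC will drift regardless of the offset it last reported.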
