Step 10: Install BIND (DNS Server)

Because we are going to be a domain controller and source for authentication it makes sense to also have some DNS services available. Please note that if you have multiple servers at your disposal it is recommended to install a seperate DNS server as well so we have two to look at.

# Install the software.

apt-get install bind9

Step 11: Configure our primary DNS Zone using WebMin

We now want to create our DNS zone so that we are in charge of it and can make use of it. I prefer using a GUI to do this as opposed to editing the zone files.

In a web browser navigate to: https://192.168.0.60:10000 (Please use the IP address that YOU assigned to your server.)
Login as "sysadmin" and "12345".
Servers > BIND DNS Server
Under "Existing DNS Zones" click "Create master zone".

Zone type: Forward (Names to Addresses)
Domain name / Network: example.local
Records file: Automatic
Master server: dc01-ubuntu.example.local
Email address: sysadmin@example.local

Click "Create" button.

Click "Apply Changes" button.

Click "Address (0)" at the top.

Name: dc01-ubuntu
Address: 192.168.0.60
Click "Create" button
Click "Return to record types"

Click "Apply Changes" button.

Step 12: Configure the server to use itself for DNS

DNS doesn't do a whole lot of good if we don't use it. In this section we point our /etc/resolv.conf file to ourselves. I also recommend leaving in a known working DNS server as the seconday source just in case something screws up. In some of my trials I did notice that the server would hang trying to start BIND9.

# Open the /etc/resolv.conf file for editing.

vim /etc/resolv.conf

# Add the following lines to the beginning of the file:

search example.local
nameserver 192.168.0.60

# Reboot the server to ensure that DNS is working correctly.

reboot

Step 13: Add a workstation account to LDAP

This tutorial is meant to create an opensource domain for Windows XP Professional client (and Linux clients) to authenticate against. Therefore we will add a workstation account for the Windows XP Professional workstation that we will be joining to the domain.

# Execute the command:

smbldap-useradd -w client-winxp

* "client-winxp" is the hostname of the computer that you will be adding to the domain. This must be very specific!

Step 14: Configure your Windows XP Professional Client

Now I will walk you through configuring your Windows XP Professional workstation so that it will join the domain.

# Assumptions:

* This is a vanilla installation of Windows XP Professional SP2.
* The computer name was set during installation to be: client-winxp
* The Administrator password assigned is: 12345
* All other installation options have been left at their default settings.
* After the installation the following occurred:
* The only user account on the computer in use was "Administrator"
* All available Windows Updates were installed.
* A static IP address was assigned with the following information (for my setup only!)

IP Address: 192.168.0.61
Gateway: 192.168.0.1
Netmask: 255.255.255.0
DNS: 192.168.0.60
Search domain: example.local

# Join the workstation to the domain.

* Log into the computer as Administrator.
* Right click "My Computer" and click "Properties".
* Click the tab "Computer Name".
* Click the button labeled "Change".
* At the bottom click the radial button labeled "Domain".
* In the box type the word "example" without quotes!
* Click the "OK" button.
* At the password prompt enter "root" for the user and "12345" for the password (substitute the password for what you assigned to your root user earlier!).

It should say "Welcome to the example domain."
* Click "OK".
* Click "OK" again.
* Click "OK" again.
Restart the workstation.

# Log in with your test user ("ricky") from earlier.
Try logging into the Windows XP workstation (after selecting the domain from the drop down box) using our test user. It should work without issue!

# Notes
Please note that this is basic authentication right now. You're on your own if you wish to add logon scripts, mapped drives, etc...

Step 15: (Optional) Install Apache2 and PHPLDAPAdmin

A nice way to view and modify your LDAP tree is with a GUI. PHPLDAPAdmin is one that many people recommend so I will show you how to install it and use it.

# Install the software.

apt-get install apache2 phpldapadmin

# Open the file /etc/apache2/httpd.conf for editing:

vim /etc/apache2/httpd.conf

# Add the following line to the top of the file. This prevents an annoying error message from Apache2.

ServerName dc01-ubuntu.example.local

# Restart Apache2

/etc/init.d/apache2 restart

# Copy the PHPLDAPAdmin folder into the main web site directory. This is the lazy way of doing things. This way we don't need to create a virtual server, we just access PHPLDAPAdmin by going to: http://192.168.0.60/phpldapadmin/

cp -R /usr/share/phpldapadmin/ /var/www/phpldapadmin

There you have it! A full Ubuntu LDAP and SAMBA Domain Controller in 15 easy steps.