A Domain, in this context, consists of several distributed services along all controllers, of which the LDAP directory, the DNS server and distributed authentication through Kerberos [4] are the most important.
The Domain concept in Zentyal is strongly related to the Microsoft Active Directory implementation. In other words, there are servers replicating directory information and clients joined to the domain, applying the policies assigned to their Organizational Unit (OU).
This section describes the functionality and information available in the Zentyal LDAP directory using any of the domain operation modes. The next sections will describe how to configure and make use of the features of these modes.
From the Domain menu, you can check the operation mode of your LDAP server before enabling the module. If you have already enabled the Domain Controller and File Sharing module, your server will operate as a Stand-alone server by default.
By enabling PAM (Pluggable Authentication Modules) [10], you allow the users configured in the directory to be valid users in the local server as well. This way you can, for example, create a user in the directory capable of accessing the Zentyal server via SSH using their LDAP credentials.
On the right side you can see and modify the LDAP attributes of the currently selected node, for example, the last name of a user. If you are using a Commercial Zentyal Edition, you can also upload a user profile picture from here.
By selecting a group, you can also modify the users belonging to the group, create mail distribution lists and change the type of the group. Groups of type Security Group (the default) contain the users that will be able to log in on the other domain services. The Distribution Group contains users that will be used for other purposes like mailing lists. A user can belong to several groups.
Once you have enabled the Domain Controller and File Sharing, you can offer File Sharing functionality, join Windows clients to the domain, configure and link GPOs (Group Policy Objects) and accept connections from new additional domain controllers, from both Windows Server and Zentyal.
Probably one of the first operations you need to perform in your domain is to create a user in the directory and join it to the Domain Admins group. By doing this, the user will have all the effective permissions over the domain.
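Because membership of Domain Admins grants full permissions over the domain, it is worth checking the group against an approved list. The following shell code is an added example, not part of the Zentyal documentation: the allowlist file and the function names are hypothetical, and `samba-tool group listmembers` is assumed to be available on the Samba4-based controller.

```shell
#!/bin/sh
# Added example, not part of the Zentyal documentation.

# unexpected_admins ALLOWLIST_FILE   (hypothetical helper)
# stdin:  current group members, one account name per line.
# stdout: members missing from the allowlist (lower-cased).
# Exit status: 0 if every member is approved, 1 otherwise.
unexpected_admins() {
    awk -v allow="$1" '
        # Trim whitespace and CRs; fold case, since AD account names
        # are compared case-insensitively.
        function norm(s) {
            gsub(/\r/, "", s); sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s)
            return tolower(s)
        }
        BEGIN {
            # A missing or empty allowlist approves nobody (fail closed).
            while ((getline line < allow) > 0) {
                k = norm(line)
                if (k != "" && k !~ /^#/) ok[k] = 1
            }
        }
        {
            k = norm($0)
            if (k != "" && !(k in ok)) { print k; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Live use on the controller: audit_domain_admins /path/to/allowlist
audit_domain_admins() {
    samba-tool group listmembers "Domain Admins" | unexpected_admins "$1"
}

# Constructed sample data: "Bob" is in the group but not on the approved list.
demo() {
    list=$(mktemp) || return 2
    printf '# approved Domain Admins\nAdministrator\nalice\n' > "$list"
    printf 'Administrator\nalice\nBob\n' | unexpected_admins "$list"
    rc=$?
    rm -f "$list"
    return "$rc"
}
```

A non-zero exit status from `audit_domain_admins` can drive a scheduled job that alerts when the group changes.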
After the process is complete, your Windows host will appear in the LDAP tree, under the Computers OU. The configured GPOs will be applied to the user, and the user will obtain Kerberos tickets automatically upon login (see the Kerberos section below).
By default, each domain user has their folder, and it is mounted on drive letter H. If you do not want to use this feature, you can disable it by modifying the parameter disable_home_share in the configuration file /etc/zentyal/samba.conf: uncomment it or set it to yes. After that, you must restart the module as follows:
When the roaming profiles are enabled, the data and configurations of the users are stored in the server in addition to the local profile. When the user authenticates on any of the domain client machines, the profile stored on the server is loaded locally and when the user logs out, the remote profile is synchronized with the local profile.
This operation is done automatically with Windows clients joined to the domain. Login credentials are sent to the Domain Controller (any of them) and the user is verified. If the LDAP user is correct, the controller automatically provides the TGT along with other necessary tickets to allow file sharing to the client.
Once the client has obtained the Kerberos TGT, all the other Kerberos-compatible services in your domain will accept tickets provided by the client. These are obtained automatically when the user requests access to a service.
The Zentyal administrator can change the password of any user from the web interface. In most cases, however, it is more convenient for users to have the means to change their password without having to notify the administrator. This can be done in a few different ways:
By using GPOs you can autoconfigure and enforce policies for the client computers. You can establish global policies for the whole domain or specific policies for Organizational Units or Sites (physical locations).
You can create GPOs with any Windows client joined to the domain. To accomplish this, you need to install the Microsoft RSAT tools, log in with the Domain Admin user account and then design the desired GPO with the RSAT.
Thanks to the integration of Samba4 technologies, Zentyal is able to become an Additional Controller of an existing domain. This can be done either by joining a Windows Server or any other Samba4-based controller like, for example, another Zentyal server.
From now on the LDAP information, the DNS domain associated to Samba (the local domain) and Kerberos will be synchronized both ways. It is possible to manage the LDAP information (users, groups, OUs...) in any of the controllers. The changes made in any of the controllers will be replicated automatically to the other controllers.
All the domain controllers have replicated the domain information mentioned previously. However, there are some specific roles that belong to a specific server host. These are called FSMO roles or Operations Masters.
From the Export domain section, you can export both the domain controller users and groups. To export this data, you have to click on the icon below the Export menu. Once the process has finished, the icon under the CSV available column will change to a green circle and you will be able to download the .csv file by clicking on the icon under the Download csv column.
Choosing the best Linux server distro is crucial for your domain controller. Zentyal stands out as an excellent choice, offering a user-friendly interface and comprehensive server management features tailored for small and medium-sized businesses.
Follow the installation instructions provided by Zentyal to install the server distro on your hardware. Zentyal offers a graphical installer that guides you through the setup process, making it accessible even for beginners.
Configure network settings such as DNS, DHCP, and gateway settings to ensure seamless communication within your domain network. Zentyal simplifies network management, allowing you to set up and manage these services effortlessly.
I may be going about this in completely the wrong way, but it looks as though Zentyal can only be configured as a domain controller or an additional domain controller before I can enable the file sharing module.
My goal was to take the SBS completely offline and upgrade the Zentyal box to the Main domain controller; unfortunately this failed miserably. I had to end up starting over, setting up Zentyal server as a single domain controller, then creating all the user accounts in a text file, then ran a script to import them into Zentyal.
I am finally up and running. The Zentyal is acting as a File Server (using Samba) to Windows clients, as well as it is acting as a DHCP and DNS server. All is working well in a production environment, finally.
11. Next step is configuring your time. If your system is connected to the Internet the installer will automatically detect your time zone. So press Yes if your time setting is the correct one.