Zentyal: The ultimate guide to Active Directory and Samba File Server setup
Zentyal is a powerful Linux-based alternative to Windows Server, allowing you to deploy a full-featured Domain Controller within your virtual infrastructure (e.g., using Proxmox VE as your hypervisor). This guide covers the journey from a "vanilla" installation to a production-ready domain with network shares and connected Windows clients.
System Preparation
Before you start clicking buttons, ensure the following:
- The server has a Static IP address.
- You have chosen a Domain Name (e.g., office.lan).
- Zentyal is installed with the following modules: DNS, Domain Controller and File Sharing, and Users and Computers.
This tutorial uses Zentyal 8.0. The interface may vary in other versions.
If you are using the Zentyal ISO installer, select the "Domain Controller" role. The system will automatically mark all three required modules for installation.
If this is your first login post-installation, select the Domain Controller server role and wait for the components to install. You can skip the initial wizard and perform configurations manually for better control.
Configuring the Domain Name
Navigate to System -> General and specify your Domain Name (e.g., office.lan). Crucial: Click Change, then click Save Changes at the top right to apply the settings.
DNS Module Configuration
Active Directory is critically dependent on DNS. If DNS is misconfigured, Windows clients simply won't "see" your domain.
Step 1: Go to Module Status. Ensure the DNS module is enabled. If not, toggle it on and save changes.
Step 2: Navigate to Infrastructure -> DNS.
Forwarders Tab: Add external DNS servers (e.g., 8.8.8.8 or your ISP's DNS). These handle requests that cannot be resolved locally. Click Add New -> Save Changes.
Domains Tab: This should already contain an entry for your domain (office.lan).
Active Directory Controller Setup
Now, let's transform the server into a functional Domain Controller.
Step 1: In Module Status, enable Domain Controller and File Sharing. If you encounter an error, go to the link:
and ensure your server's IP is correctly assigned:
Step 2: Navigate to the Domain tab.
Step 3: Verify the parameters: Server Role: Domain Controller. NetBIOS name: OFFICE. Domain Realm: office.lan. Drive Letter: This defines which letter will be assigned to the network drive automatically mounted for every domain user upon login.
Creating Domain Users and Groups
A domain is just a shell until it has users.
Step 1: In the sidebar, go to Users and Computers -> Manage.
Step 2: Select Users from the left-hand tree.
Step 3: Click Add New (+).
Step 4: Create a user (e.g., admin.work or i.user) and set a strong password. Click Add.
Use the same section to create Groups. Organising users into groups (e.g., "HR", "IT", "Sales") is the most efficient way to manage access permissions.
Updating the Domain Administrator
By default, Zentyal creates an Administrator user belonging to the Domain Admins and Schema Admins groups.
Set a secure password for this account immediately. You will need it to join servers to the domain and perform high-level administrative tasks.
You can create a new domain administrator by adding a user to the Domain Admins and Schema Admins groups.
Configuring Samba Network Shares
To allow file sharing, we need to create a directory with specific Access Control Lists (ACLs).
Step 1: Ensure the File Sharing module is active in Module Status.
Step 2: Go to File Sharing -> Shares.
Step 3: Click Add New, name the folder (e.g., Shared_Files), and select the path: Directory under Zentyal /home/samba.
Step 4: Set Permissions (ACL): In the share list, click the Access Control icon.
Step 5: Click Add New, select your user (or the Domain Users group), and set the permissions to Read Write.
Always click Save Changes in the top header to commit your configuration to the live system.
Joining Linux Workstations (Ubuntu/Debian)
This section covers how to join an Ubuntu or Debian machine to your new domain so users can log in with their domain credentials.
Preparation and Installation
Ensure your Linux client's DNS is pointing to the Zentyal server IP. Then, install the required packages:
sudo apt update && sudo apt install realmd sssd sssd-tools adcli libpam-sss -y
Modify the DNS settings within your network adapter properties. In our example, we are using Ubuntu Desktop. Generally, any desktop environment will provide a way to configure this parameter. Alternatively, you can always perform this via the command line – the specific method will depend on your distribution: Netplan for Ubuntu or the traditional /etc/network/interfaces file for Debian.
In Linux, it is best to keep only your Domain Controller's IP in your DNS settings. Zentyal’s DNS Forwarders will handle global internet name resolution for the client.
Joining the Domain
Run the following command (replace office.lan with your domain):
sudo realm join -U Administrator office.lan
Enter the Domain Administrator password when prompted.
Configuring Sudo Rights
To allow the "Domain Admins" group to use sudo, create a configuration file:
echo "%Domain\ Admins@office.lan ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/domain-admins
Automatic Home Directory Creation
To ensure a /home/user folder is created automatically upon the first domain login:
sudo pam-auth-update --enable mkhomedir
Login Verification
Pay close attention to the username format, as it differs from the standard format typically used on Windows.
Joining a Windows Server/Client to the Domain
Finally, let's connect a Windows machine to verify the setup.
Windows Network Setup
Open Network and Internet -> Network connections.
- Right-click your adapter -> Properties.
- Select Internet Protocol Version 4 (TCP/IPv4) -> Properties.
In the Preferred DNS server field, enter the IP address of your Zentyal server. This is the most critical step.
Joining the Domain
Step 1. Open System Properties (System -> Advanced system settings); Computer name tab -> Change button.
Step 2. Select the "Member of Domain" field and enter your domain name. In our example, this is office.lan.
Step 3. In the window that appears, enter the login and password of a user from the domain administrators group. Earlier in this manual, we set the password for the Administrator account, which is a member of the domain administrators group.
After successfully joining the domain, restart Windows. After the reboot, you will be able to use a domain account to log in to Windows.
Login and Verification
At the login screen, select Other user and enter the credentials in this format: OFFICE\i.user (Replace i.user with the username you created).
Once logged in, open My Computer. You should see a mapped network drive (usually H:). This is the Samba share you created in the Zentyal interface.
Congratulations! You have deployed a full-scale IT infrastructure. Zentyal is now successfully managing your DNS, Active Directory (AD), and Samba File Services.
