FortiGate
bkarl
Staff
Article Id 243706
Description

This article describes a way to deploy a small domain controller using Samba 4 on CentOS 8 for tests in a lab environment.

Scope: CentOS, FortiGate.
Solution

Type: sudo su (this command switches to the root user).

[image: bkarl_0-1674493611776.png]

After that, type: ps ax | egrep "samba|smbd|nmbd|winbindd" to see whether any Samba processes are already running.

[image: bkarl_1-1674493633927.png]

Now check the SELinux status by typing sestatus:

[image: bkarl_2-1674493653257.png]
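The two checks above (ps ax | egrep ... and sestatus) are worth scripting, because the plain egrep pipeline has a well-known pitfall: it always matches its own command line, so it reports one hit even on a host where nothing Samba-related runs. The following pre-flight script is an added example and is not part of the Fortinet article. The ps and sestatus listings in it are constructed sample output so the functions can be run offline; preflight is a hypothetical wrapper that assumes a live host with ps and sestatus available.

```shell
#!/bin/sh
# Added example, not part of the Fortinet article: pre-flight checks for the
# Samba lab host. The two listings below are constructed sample output of
# "ps ax" and "sestatus" so the functions can be exercised offline; on the
# real host, pipe the live commands into them instead (see preflight).

SAMPLE_PS_IDLE='  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:02 /usr/lib/systemd/systemd --switched-root
  812 ?        Ss     0:00 /usr/sbin/sshd -D
 1342 pts/0    S+     0:00 grep -E [s]amba|[s]mbd|[n]mbd|[w]inbindd'

SAMPLE_PS_RUNNING='  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:02 /usr/lib/systemd/systemd --switched-root
  901 ?        Ss     0:00 /usr/sbin/smbd --foreground --no-process-group
  903 ?        S      0:00 /usr/sbin/nmbd --foreground --no-process-group
 1342 pts/0    S+     0:00 grep -E [s]amba|[s]mbd|[n]mbd|[w]inbindd'

SAMPLE_SESTATUS='SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing'

# Count Samba daemons in a ps listing read on stdin.
# The bracket trick ([s]amba instead of samba) keeps the grep process out of
# the match: the plain pipeline ps ax | egrep "samba|smbd|nmbd|winbindd" from
# the article always prints its own egrep line, so it shows one hit even when
# nothing Samba-related is running.
samba_daemon_count() {
    grep -E -c '[s]amba|[s]mbd|[n]mbd|[w]inbindd' || true
}

# Extract the effective SELinux mode from sestatus output read on stdin:
# "enforcing", "permissive" or "disabled" (a disabled system prints only the
# status line, so there is no "Current mode" to read).
selinux_mode() {
    awk -F: '
        /^SELinux status:/ { gsub(/ /, "", $2); status = $2 }
        /^Current mode:/   { gsub(/ /, "", $2); mode = $2 }
        END { if (status == "disabled") print "disabled"; else print mode }'
}

# Hypothetical live check for a real host: report both facts and fail if
# Samba is already running, since the article assumes a clean install.
preflight() {
    running=$(ps ax | samba_daemon_count)
    mode=$(sestatus | selinux_mode)
    echo "samba daemons running: $running"
    echo "selinux mode: $mode"
    [ "$running" -eq 0 ]
}
```

On the lab host, run preflight as root before the yum steps; a non-zero exit means Samba daemons are already present and the install would be layered on top of an existing configuration. Knowing the SELinux mode up front also explains later denials if the services are started before the SELinux file is edited.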

 

Now, install the EPEL repository using:

yum install epel-release -y

[image: bkarl_3-1674493688287.png]

Then, install Samba 4 by typing:

yum -y install samba*

To confirm the Samba version, type: smbd -V.

Then, move the Samba configuration file as follows:

mv /etc/samba/smb.conf. /etc/samba/smb.conf

Edit the smb.conf file:

vim /etc/samba/smb.conf

Fill it in as shown in the next picture:

[image: bkarl_4-1674493714429.png]

To check the service, type the command shown in the picture:

[image: bkarl_5-1674493731851.png]

Create the directories for logs:

[image: bkarl_6-1674493745319.png]

Create users and groups, then add them to the Samba service.

[image: bkarl_7-1674493758362.png]

[image: bkarl_8-1674493770375.png]

[image: bkarl_9-1674493780706.png]

[image: bkarl_10-1674493789191.png]

Start smb.service:

[image: bkarl_11-1674493802928.png]

Type: systemctl enable nmb && systemctl enable smb

[image: bkarl_12-1674493817568.png]

Type the following commands to check the CentOS firewall and set up the domain controller.

[image: bkarl_13-1674493835525.png]

[image: bkarl_14-1674493842699.png]

[image: bkarl_15-1674493850208.png]

Edit the SELinux configuration file:

[image: bkarl_16-1674493865591.png]

Make sure the configuration looks like the next image.

[image: bkarl_17-1674493878191.png]

Open the TCP and UDP ports on the Linux firewall:

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=88/tcp
firewall-cmd --permanent --add-port=88/udp
firewall-cmd --permanent --add-port=135/tcp
firewall-cmd --permanent --add-port=135/udp
firewall-cmd --permanent --add-port=137/tcp
firewall-cmd --permanent --add-port=138/udp
firewall-cmd --permanent --add-port=139/tcp
firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --permanent --add-port=389/udp
firewall-cmd --permanent --add-port=445/tcp
firewall-cmd --permanent --add-port=464/udp
firewall-cmd --permanent --add-port=464/tcp
firewall-cmd --permanent --add-port=636/tcp
firewall-cmd --permanent --add-port=1024-5000/tcp
firewall-cmd --permanent --add-port=1024-5000/udp
firewall-cmd --permanent --add-port=3268/tcp
firewall-cmd --permanent --add-port=3269/tcp
firewall-cmd --permanent --add-port=5353/tcp
firewall-cmd --permanent --add-port=5353/udp

Then reload the firewall so the permanent rules take effect: firewall-cmd --reload
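Typing twenty-one firewall-cmd lines by hand is error-prone, and --permanent rules are only saved, not activated, until firewalld is reloaded. The script below is an added example, not part of the Fortinet article: it keeps the article's port list in one variable, validates each entry, prints or applies the rules, and verifies after the reload that every port is actually active. The apply_rules function assumes a real host with firewalld and root privileges; fw_commands and valid_port_spec are pure and run anywhere.

```shell
#!/bin/sh
# Added example, not part of the Fortinet article: open the AD DC ports the
# article lists on firewalld, validate each entry first, reload so the
# permanent rules become active, and verify the runtime port list afterwards.
# Only apply_rules touches the host; the other functions have no side effects.

# Port list exactly as given in the article, one "port[-port]/proto" each.
AD_DC_PORTS="53/tcp 53/udp 88/tcp 88/udp 135/tcp 135/udp 137/tcp 138/udp \
139/tcp 389/tcp 389/udp 445/tcp 464/udp 464/tcp 636/tcp 1024-5000/tcp \
1024-5000/udp 3268/tcp 3269/tcp 5353/tcp 5353/udp"

# Accept "port/tcp", "port/udp" or "lo-hi/proto" with ports within 1..65535.
valid_port_spec() {
    case "$1" in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    range=${1%/*}
    lo=${range%-*}
    hi=${range#*-}
    case "$lo$hi" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Print the firewall-cmd invocations without executing anything. The reload
# at the end is what makes the --permanent rules live on the running firewall.
fw_commands() {
    for p in $AD_DC_PORTS; do
        printf 'firewall-cmd --permanent --add-port=%s\n' "$p"
    done
    printf 'firewall-cmd --reload\n'
}

# Number of commands fw_commands would run (ports plus the reload).
fw_command_count() {
    fw_commands | wc -l | tr -d ' '
}

# Apply the rules on a real host (requires root and firewalld), then verify
# that every port shows up in the active runtime configuration.
apply_rules() {
    command -v firewall-cmd >/dev/null 2>&1 || {
        echo "firewall-cmd not found; is firewalld installed?" >&2
        return 2
    }
    for p in $AD_DC_PORTS; do
        valid_port_spec "$p" || { echo "rejecting bad port spec: $p" >&2; return 1; }
        firewall-cmd --permanent --add-port="$p" >/dev/null
    done
    firewall-cmd --reload >/dev/null
    listed=" $(firewall-cmd --list-ports) "
    for p in $AD_DC_PORTS; do
        case "$listed" in
            *" $p "*) ;;
            *) echo "port $p is not active after reload" >&2; return 1 ;;
        esac
    done
    echo "all AD DC ports are active on firewalld"
}
```

Run fw_commands first to review what will be opened; on the lab host, run apply_rules as root. The verification step matters because a rule added with --permanent but never reloaded shows up in firewall-cmd --permanent --list-ports while the running firewall still blocks the port, which is a common reason a freshly built DC cannot be reached from a Windows client.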

Finally, edit the next file as shown below:

[image: bkarl_18-1674493896851.png]

[image: bkarl_19-1674493904584.png]

[image: bkarl_20-1674493914787.png]

Now, simply join a Windows client to the domain as you normally would in the Windows configuration.
