Cockpit Samba AD DC Plugin Documentation

What is Cockpit?

To work with the plugin, you need to have Cockpit installed. As per Cockpit’s documentation it’s an "easy-to-use, integrated, glanceable, and open web-based interface for your servers" (https://cockpit-project.org/) Cockpit helps you manage your Linux servers using a user interface that runs in a browser. It also lets developers develop their own plugins using an API cockpit provides for interacting with the server. This project sought to incorporate tasks done using the samba-tool command line utility for Samba AD DC in an intuitive UI for easier usage and administration.

Installation

Fedora 32 Installation

Prerequisite: Cockpit

1. Download the repository https://download.opensuse.org/repositories/home:/Hezekiah/Fedora_32/home:Hezekiah.repo

2. Place it to /etc/yum.repos.d/

3. Run the following command

# dnf install cockpit-samba-ad-dc

4. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090

5. Use your system user account and password to log in.

Ubuntu 20.04 Installation

Prerequisite: Cockpit

1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:

$ sudo apt update
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

2. Add Cockpit-Samba-AD-DC GPG key:

$ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04/Release.key | sudo apt-key add -

3. Add the repository to the sources.list file

$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04 ./"

4. Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.

$ sudo apt-get update
$ sudo apt-get install cockpit-samba-ad-dc

5. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090

6. Use your system user account and password to log in.

Debian 10 Installation

Prerequisite: Cockpit

1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:

$ sudo apt update
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

2. Add Cockpit-Samba-AD-DC GPG key:

$ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10/Release.key | sudo apt-key add -

3. Add the repository to the sources.list file

$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10 ./"

4. Update the apt package index, and download the latest version of Cockpit-Samba-AD-DC plugin.

$ sudo apt-get update
$ sudo apt-get install cockpit-samba-ad-dc

5. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090

6. Use your system user account and password to log in

Using the Plugin

Provisioning an AD DC Domain

When you run the plugin in cockpit, it first checks the Samba Configuration file to make sure that the server is set as an Active Directory Domain Controller (AD DC). If the server is not, the user is prompted with to set one. Once ready, a page with a list of activities you can perform with the plugin (a page reload may be required)

Computer Management

Using the plugin you can:

• Create a computer

• Delete a computer

• Display a Computer Active Directory object

• List all computers

• Move a computer to an organizational unit/container.

Contact Management

• Creating a Contact

• Deleting a Contact

• Listing all Contacts

• Showing a Contact

Delegation Management

Use the plugin to:

• Add a service principal as msDS-AllowedToDelegateTo

• Delete a service principal as msDS-AllowedToDelegateTo

• Show the delegation setting of an account

• Set/unset UF_TRUSTED_FOR_DELEGATION for an account

• Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account

DNS Management

• Creating a DNS record

• Deleting a DNS record

• Cleanup DNS records

• Query for server information

• Creating zones

• Deleting zones

• Showing zone information

Domain Management

Using the plugin, you can:

• Promote an existing domain member or NT4 PDC to an AD DC

• Get basic info about a domain

• Demote a Domain Controller

• Join domain as either member or backup domain controller

• Upgrade from Samba classic (NT4-like) database to Samba AD DC database

• Create a domain or forest trust

• Delete a domain trust

• List domain trusts

• Show trusted domain details

• Validate a domain trust

• Manage forest trust namespaces

• Copy a running DC's current DB into a backup tar file

• Backup the local domain directories safely into a tar file

• Copy a running DC's DB to backup file, renaming the domain in the process

• Restore the domain's DB from a backup-file

Forest Management

• Show

• DSHeuristics

FSMO Management

• Seize Roles

• Show Roles

• Transfer Roles

Group Policy Object Management

• Creating a GPO

• Deleting a GPO

• Backing up a GPO

• Deleting link

• Fetching

• Getting Inheritance

• Getting Link

• Listing GPOs

• Listing All GPOs

• Listing Containers

• Restoring a GPO

• Setting Inheritance

• Setting Link

• Showing a GPO Object

Group Management

• Creating Groups

• Deleting Groups

• Listing Groups

• Listing Members

• Moving groups

• Removing members

• Showing a Group Object

Organization Unit (OU) Management

• Creating an OU

• Deleting an OU

• Listing OUs

• Listing Objects in an OU

• Renaming OUs

• Moving an OU

Sites Management

• Creating a Site

• Creating Subnets

• Removing a Site

• Setting a Site

• Removing a Subnet

SPN Management

• Adding

• Deleting

• Listing

User Management

Using the plugin you can:

• Create a new user

• Delete a user

• Disable a user

• Enable a user

• List all users

• Move a user to an organizational unit/container

• Change password for a user account

• Set or reset the password of a user account

• Set the expiration of a user account

• Display a user AD object

Server Time