Install and Configure Zentyal Linux 3.

5 as
A BDC (Backup Domain Controller)

Following former topics on Zentyal 3.4 installed and used as a PDC, this tutorial will
concentrate on how you can configure Zentyal 3.5 Server to act as a BDC – Backup
Domain Controller for Windows Servers or Zentyal 3.4 or 3.5 PDC, by replicating user
accounts database, but skipping installation guides since it can be used the same procedure
as described for Zentyal 3.4, without setting as a PDC.

Requirements

1. Download Zentyal 3.5 Community Edition CD ISO image – http://www.zentyal.org/server/

2. Install Zentyal 3.5 using the same procedure as described for Zentyal Linux 3.4.

Step 1: Install Required Modules for Zentyal BDC

1. After a fresh installation of Zentyal 3.5 Server, login to console prompt and verify your
server IP address using ifconfig command, if you use a DHCP server on your network that
automatically assigns IP addresses to your network hosts, to be able to login to Zentyal
Web Administration.
Verify Zentyal IP Address

2. After you get your Zentyal system IP address, open a browser from a remote location and
login to Web Remote Admin Interface using the address https://zentyal_IP and
credentials configured for Zentyal Admin User on installation process.
Login to Zentyal Web Interface

3. On the first window choose the following Zentyal packages to install so you can
configure your server to act as a BDC and hit on OK button on next prompt.

1. DNS Service
2. Firewall
3. NTP Service
4. Network Configuration
5. Users, Computers and File Sharing
Install Zentyal Software Packages

Confirm Zentyal Packages

4. Zentyal Ebox will start installing the required packages with their dependencies and
when will reach Network Interfaces configuration wizard. Here setup your Network
Interface as Internal and hit on Next button to proceed further.
Configure Network Interface

5. Due to the fact that you will be using Zentyal as a BDC in your network interface, must
be assigned with a static IP address. Choose Static as IP configuration Method, provide
your local network static IP Address, Netmask and Gateway and – very important – choose
your Primary Domain Controller IP Address or the servers responsible for DNS PDC
resolutions to be used on Domain Name Server field, then click on Next to continue.

Enter Network Interface Details

6. On the next stage on Users and Groups leave it as default and hit Skip button and the
modules installation should continue.

Select Default Server

7. After this step if you configured other static IP Address than the one automatically issued
by DHCP server, you will lose connectivity to Zentyal Server from browser. To re-login,
go back to browser and type your newly Static IP Address that you manually added above
on step 5 and use the same credentials as earlier.
Re-Login to Zentyal Web Portal

8. After all modules finish installing move to Module Status, make sure you check all
modules listed, hit on above Save Changes button and click again on Save button prompt
to apply changes and start modules.

Module Status Configuration

Step 2: Setup Zentyal 3.5 as a BDC

9. After all required modules installed and operational, it’s time to configure Zentyal 3.5 to
act as a Backup Domain Controller or Additional Domain Controller by synchronizing
User Accounts Database.

10. Go to System -> General -> Hostname and Domain and check your Hostname and
Domain name entries – provide an descriptive name for Hostname, like bdc for example
and use your main domain name on Domain field – by default this step should be
configured on system installation process by choosing your server BDC hostname.

Enter Hostname and Domain

11. But before starting to join the main domain, assure that you have connectivity and DNS
resolution to Primary Domain Controller Server. First open Putty, login to your Zentyal
BDC server and edit resolv.conf file to point to your Primary Domain Controller IP
Address or DNS Server Address responsible with PDC name resolutions.

# nano /etc/resolv.conf

This file is automatically generated by Zentyal DNS Resolver and manual changes will be
overwritten after modules restart. Replace nameserver statement line with your Primary
Domain Controller IP Address (in this case my Zentyal PDC has 192.168.1.13 IP Address –
change it accordingly).

Add Primary Domain Controller DNS

12. After the file was edited, don’t restart any modules at all and issue a ping command
with your Primary Domain Controller FQDN domain name and verify if it responds with
the correct IP Address (in this case my PDC FQDN is pdc.mydomain.com – a fictive one
used only locally).

# ping pdc.mydomain.com
Confirm Your Domain

13. If you want to conduct other DNS test go to Zentyal Web Remote Admin Tool and use
Ping and Lookup with your specific PDC FQDN domain name buttons from Network ->
Tools Menu as presented on the below screenshots.

Network Diagnostic Tool

Verify Your Domain

Verify Domain DNS Entries

14. After the DNS test revealed that everything is correctly configured and functional move
to Domain -> Settings left Menu and use the following Settings and after you finish hit on
Change button and OK on Domain Join notification prompt, then upper Save Changes to
apply configurations and stat importing User Accounts Database from your man PDC
Server.

1. Server Role = Additional Domain Controller.

2. Domain Controller FQDN = your Primary Domain Controller FQDN.
3. Domain DNS Server IP = your Primary Domain Controller IP Address or DNS responsible
with PDC resolutions.
4. Administrator Account = your Primary Domain Controller Administrator User.
5. Administrator Password = your Primary Domain Controller Administrator User password.
6. NetBIOS Domain Name = choose a domain name for NetBIOS – it can be your main
domain name.
7. Server Description = Choose a descriptive name that defines your BDC server.
Enter Domain Settings

Confirmation to Join Domain

Save Domain Changes

15. That’s it! Depending on your database size the replication process can take a while, and
after it finishes you can go to Users and Computers -> Manage and you should see the
entire Users and Computers database from PDC completely synchronized with your
Zentyal 3.5 BDC Server. Use klist command to see your domain Administrator Users.

Users and Computers Database

$ klist
Check Domain Administrator Users

16. You can also check your Zentyal 3.5 BDC from a Windows based system if you have
installed RSAT (Remote Server Administration Tools) by opening Active Directory Users
and Computers -> Domain Controllers.

Verify Zentyal from Windows

17. As the last checks and setting you can open DNS Manager and see that a new DNS A
entry has been added with your BDC Server Hostname using its IP Address. Also make
sure that you open a SSH connection to your Zentyal BDC Server with Putty and sync time
on both Domain Controllers using ntpdate command.

$ sudo ntpdate -ud domain.tld

Confirm New DNS Entries

Sync Time on Domain Controller

Zentyal Linux 3.5 Community Edition Server with Samba4 can fully participate in Active
Directory, and once configured as a part of the domain you can use RSAT Active Directory
tools from a remote location and switch FSMO roles to the AD servers on your network.