poniedziałek, 22 czerwca 2015

Samba 4

http://mark.orbum.net/2014/02/22/compiling-samba-4-on-debian-wheezy-active-directory-domain-controllers-ho/
http://sourceforge.net/projects/samba4all/files/4.1.9/Ubuntu%2014.04Sernet4.1.9/
cat /etc/lsb-release





samba-tool domain provision --use-rfc2307 --interactive

 samba-tool dns update 10.1.9.14 samba4.ad nginx2 A 192.168.163.10 10.1.9.14 -U Administrator





apt-get install acl attr krb5-user
ignore the kerb details and just accept defaults as will be overwritten later
edit fstab and add user_xattr,acl nano /etc/fstab so you end up with something like the below /dev/mapper/samba1--vg-root / ext4 user_xattr,acl,errors=remount-ro 0 1 https://wiki.samba.org/index.php/OS_Requirements#fstab_2 nano /etc/apt/sources.list.d/samba4-sernet.list paste in my case my account please get your own from https://portal.enterprisesamba.com/ # # SerNet Samba 4.1 Packages # # (ubuntu-trusty) # deb https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/ubuntu trusty main deb-src https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/ubuntu trusty main Add repo GPG key wget http://ftp.sernet.de/pub/sernet-samba-keyring_1.4_all.deb dpkg -i sernet-samba-keyring_1.4_all.deb apt-get install apt-transport-https apt-get update apt-get install sernet-samba-ad Samba4 has password minimums so we start with Mysamba4 samba-tool domain provision --domain=SAMBA4 --adminpass=Mysamba4 \ --dns-backend=SAMBA_INTERNAL --server-role=dc \ --function-level=2008_R2 --use-xattr=yes \ --use-rfc2307 --realm=SAMBA4.LAN samba-tool domain passwordsettings set --complexity=off samba-tool domain passwordsettings set --min-pwd-length=5 samba-tool user setpassword Administrator changed to samba4 so both sudo and samba password =samba4 nano /etc/default/sernet-samba to change startup mode to ad SAMBA_START_MODE="ad" reboot Add reverse zone for server on local subnet (192.168.1.3 being my server set by dhcp) samba-tool dns zonecreate 192.168.1.3 1.168.192.in-addr.arpa --username=administrator Add ptr for server (3 being IP for 1.168.192 subnet) samba-tool dns add 192.168.1.3 1.168.192.in-addr.arpa 3 PTR SAMBA1.SAMBA4.LAN --username=administrator #Check /etc/samba/smb.conf and change forwarder address to your dns server nano /etc/samba/smb.conf (192.168.1.1 being router dns) ************************************************************* dns forwarder = 192.168.1.1 ************************************************************** #Reload Samba smbcontrol all reload-config #Ok some checks to see if all is ok smbclient -L localhost -U% *********************************************************** root@samba1:~# smbclient -L localhost -U% Domain=[SAMBA4] OS=[Unix] Server=[Samba 4.1.6-SerNet-Debian-7.wheezy] Sharename Type Comment --------- ---- ------- netlogon Disk sysvol Disk IPC$ IPC IPC Service (Samba 4.1.6-SerNet-Debian-7.wheezy) Domain=[SAMBA4] OS=[Unix] Server=[Samba 4.1.6-SerNet-Debian-7.wheezy] Server Comment --------- ------- Workgroup Master --------- ------- ***************************************************************************** smbclient //localhost/netlogon -UAdministrator -c 'ls' ***************************************************************************** root@samba1:~# smbclient //localhost/netlogon -UAdministrator -c 'ls' Enter Administrator's password: Domain=[SAMBA4] OS=[Unix] Server=[Samba 4.1.6-SerNet-Debian-7.wheezy] . D 0 Fri Mar 28 15:12:07 2014 .. D 0 Fri Mar 28 15:12:12 2014 48812 blocks of size 131072. 37202 blocks available ******************************************************************************** host -t SRV _ldap._tcp.samba4.lan. ****************************************************************************** root@samba1:~# host -t SRV _ldap._tcp.samba4.lan. _ldap._tcp.samba4.lan has SRV record 0 100 389 samba1.samba4.lan. ****************************************************************************** host -t SRV _kerberos._udp.samba4.lan. ****************************************************************************** root@samba1:~# host -t SRV _kerberos._udp.samba4.lan. _kerberos._udp.samba4.lan has SRV record 0 100 88 samba1.samba4.lan. ********************************************************************************* host -t A samba1.samba4.lan. ****************************************************************************** root@samba1:~# host -t A samba1.samba4.lan. samba1.samba4.lan has address 192.168.1.8 ****************************************************************************** netstat -tapn | grep samba ****************************************************************************** root@samba1:~# netstat -tapn | grep samba tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 2170/samba tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 2176/samba tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 2170/samba tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 2168/samba tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 2164/samba tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 2168/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 2168/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2168/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 2164/samba ****************************************************************************** kinit Administrator@SAMBA4.LAN ********************************************************************* Password for Administrator@SAMBA4.LAN: Warning: Your password will expire in 41 days on Sat May 10 01:14:36 2014 ********************************************************************** klist ********************************************************************* root@samba1:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@SAMBA4.LAN Valid starting Expires Service principal 29/03/14 00:22:41 29/03/14 10:22:41 krbtgt/SAMBA4.LAN@SAMBA4.LAN renew until 30/03/14 00:22:37 ************************************************************************ #If all is not ok the first remove the samba created config and then go back to #samba-tool domain provision .... rm /etc/samba/smb.conf rm -R /var/lib/samba/private/* rm -R /var/lib/samba/sysvol/* Install webmin apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb dpkg --install webmin_1.690_all.deb
Autor: o

Brak komentarzy:

Prześlij komentarz

Subskrybuj: Komentarze do posta (Atom)