Sources

From xinux.net

Installation

Adjust the interface

vi /etc/network/interfaces
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
# we use our server as DNS + Google DNS as secondary DNS
dns-nameservers 192.168.0.100 8.8.8.8
dns-search mydomain.lan
### ADJUST THE IPs! ###

Adjust hosts

vi /etc/hosts

127.0.0.1       localhost.localdomain   localhost 
192.168.0.100   DC01.mydomain.lan       DC01
echo DC01.mydomain.lan | sudo tee /etc/hostname
/etc/init.d/networking restart

Install packages and libraries

sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install git build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev \
python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev libpam0g-dev ntp -y

You will be asked for Kerberos information. When asked for the default realm etc., enter mydomain.lan, and DC01 as the host.

Download and install samba4

git clone -b v4-0-stable git://git.samba.org/samba.git samba4
cd samba4
./configure --enable-debug --enable-selftest 
make 
make install

Set links

ln -s /usr/local/samba/sbin/* /usr/local/sbin
ln -s /usr/local/samba/bin/* /usr/local/bin

Create the domain

Delete this first:

rm /usr/local/samba/etc/smb.conf

realm, domain and adminpass should/can be adjusted!

samba-tool domain provision --realm=mydomain.lan --domain=mydomain --adminpass="your_password" --server-role=dc --dns-backend=SAMBA_INTERNAL

Start samba

samba

smbversion, share and auth check

smbversion

These should match:

/usr/local/samba/sbin/samba -V
/usr/local/samba/bin/smbclient -V

Show shares:

/usr/local/samba/bin/smbclient -L localhost -U%

Should look like this:

Sharename       Type      Comment
---------       ----      -------
netlogon        Disk
sysvol          Disk
IPC$            IPC       IPC Service (Samba 4.0.5)

Authentication check:

Change the password in the command!

/usr/local/samba/bin/smbclient //localhost/netlogon -UAdministrator%"your_password" -c 'ls'
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.5]  
.                                   D        0  Fri May 17 21:40:08 2013   
..                                  D        0  Fri May 17 21:42:36 2013
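
An added example, not from the original page: the command above puts the Administrator password into the shell history and the process arguments; smbclient can instead read it from a file passed with -A (--authentication-file). The path /root/.smbauth and the helper names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: keep the Administrator password out of argv and shell history
# by using smbclient's -A/--authentication-file option.

# write_smb_authfile FILE USER DOMAIN
# Reads the password from stdin (one line) and writes an smbclient
# authentication file that only the owner can read.
write_smb_authfile() {
    file=$1 user=$2 domain=$3
    IFS= read -r password || [ -n "$password" ] || return 1
    (
        umask 077                      # file is created as 0600
        rm -f -- "$file"               # do not inherit looser modes from an old file
        printf 'username = %s\npassword = %s\ndomain = %s\n' \
            "$user" "$password" "$domain" > "$file"
    )
    unset password
}

# Returns 0 only if FILE is a regular file with mode -rw-------.
authfile_is_private() {
    [ -f "$1" ] && [ "$(ls -l -- "$1" | cut -c1-10)" = "-rw-------" ]
}

# Interactive use on the DC (hypothetical path; prompt without echo, then list the share):
#   stty -echo; write_smb_authfile /root/.smbauth Administrator MYDOMAIN; stty echo
#   authfile_is_private /root/.smbauth && \
#       /usr/local/samba/bin/smbclient //localhost/netlogon -A /root/.smbauth -c 'ls'
```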

Set up DNS

Add a forwarder

echo  domain MYDOMAIN.LAN >> /etc/resolv.conf
sudo vi  /usr/local/samba/etc/smb.conf

Add: (you can of course also specify your own DNS)

# I use Google DNS here again
dns forwarder = 8.8.8.8

Check

host -t SRV _ldap._tcp.mydomain.lan
_ldap._tcp.mydomain.lan has SRV record 0 100 389 DC01.mydomain.lan.


host -t SRV _kerberos._udp.mydomain.lan
_kerberos._udp.mydomain.lan has SRV record 0 100 88 DC01.mydomain.lan

host -t A DC01.mydomain.lan
DC01.mydomain.lan has address 192.168.0.100.

If "host mydomain.lan not found 3(NXDOMAIN)" is printed, Samba has not started correctly!

Kerberos

Change $(REALM) to MYDOMAIN.LAN

vi /usr/local/samba/share/setup/krb5.conf

Add a share

mkdir -m 770 /share
chmod g+s /share
chown root:users /share
vi /usr/local/samba/etc/smb.conf

Insert this:

[share]
directory mode = 0700
read only = no
path = /share
csc policy = documents

Misc

ntp

vi /etc/ntp.conf 

Add one from here:

http://www.pool.ntp.org/zone/de
service ntp restart
ntpdate 0.de.pool.ntp.org
ntpq -p

Admin password does not expire

/usr/local/samba/bin/samba-tool user setexpiry administrator --noexpiry

samba upstart script

vi /etc/init/samba.conf
description "SMB/CIFS File and Active Directory Server"
author      "Jelmer Vernooij <jelmer@ubuntu.com>" 

start on (local-filesystems and net-device-up)
stop on runlevel [!2345]

expect fork
normal exit 0 

pre-start script
	[ -r /etc/default/samba4 ] && . /etc/default/samba4
	install -o root -g root -m 755 -d /var/run/samba
	install -o root -g root -m 755 -d /var/log/samba
end script 
 
exec samba -D

Disable the password policy in the Samba 4 domain

samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=0
samba-tool domain passwordsettings set --min-pwd-length=0

Show the password policy in the Samba 4 domain

samba-tool domain passwordsettings show
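
An added example, not part of the original page: a small shell audit that reads the output of the show command and lists the settings that the "set" commands above leave weak. The field labels and the MIN_LEN threshold of 8 are assumptions, and both sample outputs are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit `samba-tool domain passwordsettings show` output.
# Field labels are assumed from Samba 4's usual output; samples are constructed.

# Constructed sample: the policy after the five "set" commands above.
SAMPLE_DISABLED='Password complexity: off
Store plaintext passwords: off
Password history length: 0
Minimum password length: 0
Minimum password age (days): 0
Maximum password age (days): 0'

# Constructed sample: a stricter policy for comparison.
SAMPLE_STRICT='Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 12
Minimum password age (days): 1
Maximum password age (days): 42'

# Reads the "show" output on stdin and prints one line per weak setting.
# MIN_LEN is an illustrative threshold, not a Samba default.
audit_pwpolicy() {
    min_len="${MIN_LEN:-8}"
    while IFS=: read -r key val; do
        val=$(printf '%s' "$val" | tr -d '[:space:]')
        case "$key" in
            "Password complexity")
                [ "$val" = "on" ] || echo "WEAK complexity=$val" ;;
            "Store plaintext passwords")
                [ "$val" = "off" ] || echo "WEAK plaintext-store=$val" ;;
            "Password history length")
                [ "$val" -gt 0 ] 2>/dev/null || echo "WEAK history-length=$val" ;;
            "Minimum password length")
                [ "$val" -ge "$min_len" ] 2>/dev/null || echo "WEAK min-pwd-length=$val" ;;
        esac
    done
}

# Number of weak settings found in the "show" output given on stdin.
count_weak() { audit_pwpolicy | wc -l | tr -d ' '; }

# On the DC itself: samba-tool domain passwordsettings show | audit_pwpolicy
printf '%s\n' "$SAMPLE_DISABLED" | audit_pwpolicy
```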

Set up shares

The partition must be mounted with the options user_xattr and acl ...
/dev/vdb /mnt    ext4 user_xattr,acl 1 1 

SeDiskOperatorPrivilege

net rpc rights grant 'WILLUX\Domain Admins' SeDiskOperatorPrivilege -Uadministrator

Existing rights can be displayed like this:

net rpc rights list accounts -Uadministrator

Winbind

Set winbind links

  • Determine the architecture
gcc -print-multiarch
  • Replace the links
ln -sf /usr/local/samba/lib/libnss_winbind.so.2 /lib/$(gcc -print-multiarch)/libnss_winbind.so
ln -sf /lib/$(gcc -print-multiarch)/libnss_winbind.so /lib/x86_64-linux-gnu/libnss_winbind.so.2
  • From the packages
ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so

Change nsswitch.conf

passwd:         compat winbind
group:          compat winbind

Is winbind "pingable"?

/usr/local/samba/bin/wbinfo -p 
Ping to winbindd succeeded

Display the user list

/usr/local/samba/bin/wbinfo -u
Administrator
Guest
krbtgt

Does nsswitch work?

getent passwd
...
WILLUX\Administrator:*:0:100::/home/WILLUX/Administrator:/bin/false
WILLUX\Guest:*:3000011:3000012::/home/WILLUX/Guest:/bin/false
WILLUX\krbtgt:*:3000017:100::/home/WILLUX/krbtgt:/bin/false

User management

howto

https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

installation