Sources
Installation
Configure the network interface
vi /etc/network/interfaces
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameservers 192.168.0.100 8.8.8.8
(we use our server as DNS + google DNS as secondary DNS)
dns-search mydomain.lan
### ADJUST THE IPs! ###
Adjust hosts
vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.100 DC01.mydomain.lan DC01
echo DC01.mydomain.lan | sudo tee /etc/hostname
/etc/init.d/networking restart
Install packages and libs
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install git build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev \
python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev libpam0g-dev ntp -y
You'll be asked for Kerberos information. When asked for the default realm etc., enter mydomain.lan and DC01 as the host.
Download and install samba4
git clone -b v4-0-stable git://git.samba.org/samba.git samba4
cd samba4
./configure --enable-debug --enable-selftest
make
make install
Create symlinks
ln -s /usr/local/samba/sbin/* /usr/local/sbin
ln -s /usr/local/samba/bin/* /usr/local/bin
Provision the domain
Delete this first:
rm /usr/local/samba/etc/smb.conf
realm, domain and adminpass should/can be adjusted!
samba-tool domain provision --realm=mydomain.lan --domain=mydomain --adminpass="your_password" --server-role=dc --dns-backend=SAMBA_INTERNAL
Start samba
samba
smbversion
These should match:
/usr/local/samba/sbin/samba -V
/usr/local/samba/bin/smbclient -V
/usr/local/samba/bin/smbclient -L localhost -U%
Should look like this:
Sharename       Type      Comment
---------       ----      -------
netlogon        Disk
sysvol          Disk
IPC$            IPC       IPC Service (Samba 4.0.5)
Authentication check:
Change the password in the command!
/usr/local/samba/bin/smbclient //localhost/netlogon -UAdministrator%"your_password" -c 'ls'
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.0.5]
  .     D    0  Fri May 17 21:40:08 2013
  ..    D    0  Fri May 17 21:42:36 2013
Set up DNS
Add a forwarder
echo domain MYDOMAIN.LAN >> /etc/resolv.conf
sudo vi /usr/local/samba/etc/smb.conf
add: (You can of course also specify your own DNS server)
dns forwarder = 8.8.8.8 (I use google DNS here again)
Check
host -t SRV _ldap._tcp.mydomain.lan
_ldap._tcp.mydomain.lan has SRV record 0 100 389 DC01.mydomain.lan.
host -t SRV _kerberos._udp.mydomain.lan
_kerberos._udp.mydomain.lan has SRV record 0 100 88 DC01.mydomain.lan
host -t A DC01.mydomain.lan
DC01.mydomain.lan has address 192.168.0.100.
If "host mydomain.lan not found 3(NXDOMAIN)" is printed, Samba has not started correctly!
Kerberos
change $(REALM) to MYDOMAIN.LAN
vi /usr/local/samba/share/setup/krb5.conf
mkdir -m 770 /share
chmod g+s /share
chown root:users /share
vi /usr/local/samba/etc/smb.conf
insert this:
[share]
directory mode = 0700
read only = no
path = /share
csc policy = documents
Misc
ntp
vi /etc/ntp.conf
add one from here:
http://www.pool.ntp.org/zone/de
service ntp restart
ntpdate 0.de.pool.ntp.org
ntpq -p
Admin password does not expire
/usr/local/samba/bin/samba-tool user setexpiry administrator --noexpiry
samba upstart script
vi /etc/init/samba
description "SMB/CIFS File and Active Directory Server"
author "Jelmer Vernooij <jelmer@ubuntu.com>"
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
expect fork
normal exit 0
pre-start script
    [ -r /etc/default/samba4 ] && . /etc/default/samba4
    install -o root -g root -m 755 -d /var/run/samba
    install -o root -g root -m 755 -d /var/log/samba
end script
exec samba -D
Disable the password policy in the Samba 4 domain
samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=0
samba-tool domain passwordsettings set --min-pwd-length 0
Show the password policy in the Samba 4 domain
samba-tool domain passwordsettings show
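To see what the settings above leave in effect, the output of the show command can be checked against a baseline. The script below is an added example, not part of the original page: the sample outputs are constructed, the field labels are assumed to match what samba-tool prints, and the thresholds MIN_LENGTH and MIN_HISTORY are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit the output of `samba-tool domain passwordsettings show`.
# Field labels are assumed to match what samba-tool prints; the thresholds
# are illustrative baseline assumptions, not values from the page.
MIN_LENGTH=12    # assumed baseline for "Minimum password length"
MIN_HISTORY=12   # assumed baseline for "Password history length"

# Constructed sample: the policy after the "disable" commands above.
sample_disabled() {
cat <<'EOF'
Password informations for domain 'DC=mydomain,DC=lan'

Password complexity: off
Store plaintext passwords: off
Password history length: 0
Minimum password length: 0
Minimum password age (days): 0
Maximum password age (days): 0
EOF
}

# Constructed sample: a policy that meets the assumed baseline.
sample_hardened() {
cat <<'EOF'
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 14
EOF
}

# Reads "show" output on stdin, prints one line per finding and returns
# the number of findings as its exit status (0 = meets the baseline).
audit_policy() {
    awk -F': *' -v minlen="$MIN_LENGTH" -v minhist="$MIN_HISTORY" '
        function flag(msg) { print "FINDING: " msg; n++ }
        $1 == "Password complexity"       { seen++; if ($2 != "on")  flag("complexity checks are " $2) }
        $1 == "Store plaintext passwords" { seen++; if ($2 != "off") flag("plaintext password storage is " $2) }
        $1 == "Password history length"   { seen++; if ($2 + 0 < minhist) flag("history length " $2 " is below " minhist) }
        $1 == "Minimum password length"   { seen++; if ($2 + 0 < minlen)  flag("minimum length " $2 " is below " minlen) }
        # Unparsed or truncated input must not pass silently.
        END { if (seen < 4) flag("expected 4 policy fields, parsed " (seen + 0)); exit n + 0 }
    '
}

# Demo on the constructed sample. On the DC, pipe the real command instead:
#   samba-tool domain passwordsettings show | audit_policy
sample_disabled | audit_policy || echo "$? finding(s)"
```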
Set up shares
The partition must be mounted with the options user_xattr and acl
...
/dev/vdb /mnt ext4 user_xattr,acl 1 1
SeDiskOperatorPrivilege
net rpc rights grant 'WILLUX\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
Existing rights can be displayed like this
net rpc rights list accounts -Uadministrator
Winbind
Create winbind symlinks
- Determine the architecture
gcc -print-multiarch
- Replace the links
ln -sf /usr/local/samba/lib/libnss_winbind.so.2 /lib/$(gcc -print-multiarch)/libnss_winbind.so
ln -sf /lib/$(gcc -print-multiarch)/libnss_winbind.so /lib/x86_64-linux-gnu/libnss_winbind.so.2
- from the packages
ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
Change nsswitch.conf
passwd: compat winbind
group: compat winbind
Can winbind be pinged?
/usr/local/samba/bin/wbinfo -p
Ping to winbindd succeeded
Show the user list
/usr/local/samba/bin/wbinfo -u
Administrator
Guest
krbtgt
Does nsswitch work?
getent passwd
...
WILLUX\Administrator:*:0:100::/home/WILLUX/Administrator:/bin/false
WILLUX\Guest:*:3000011:3000012::/home/WILLUX/Guest:/bin/false
WILLUX\krbtgt:*:3000017:100::/home/WILLUX/krbtgt:/bin/false
User management
howto
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO