Samba 4 Active Directory Install

Posted by Stanislav Nedelchev on Sun, 02/03/2013 - 17:42

Installing Samba 4 as an Active Directory domain controller. The installation was done on Ubuntu 12.04 LTS. First we remove AppArmor:

 sudo apt-get remove apparmor 

Then we install the packages needed for the build:

sudo apt-get install build-essential libacl1-dev libattr1-dev \
    libblkid-dev libgnutls-dev libreadline-dev python-dev \
    python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
    dnsutils libbsd-dev attr krb5-user docbook-xsl

Next we configure the network and the machine name. We will use the 192.168.1.0/24 network for this. /etc/network/interfaces:

cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.200
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 192.168.1.200

cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1
nameserver 192.168.1.200
dns-search st.local

cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       samba
192.168.1.200   dc1 dc1.st.local

cat /etc/hostname
dc1.st.local
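Before provisioning it is worth checking that these files agree with each other, because a domain controller whose own name resolves to the wrong address is the most common reason later joins fail. The script below is an added example and not part of the original post: it checks that the DC's fully qualified name maps to its LAN address (and never to a loopback address) in /etc/hosts, and that the DC's own address is listed as a nameserver in /etc/resolv.conf, printing a warning when it is not the first one. The default values are the ones used on this page; the function names and the `run` argument are assumptions of the example.

```shell
#!/bin/sh
# Pre-provision check of the name-resolution files set up above.
# Added example, not part of the original post. The defaults are the
# post's own values; the function names are the example's own.
set -u
DC_IP="${DC_IP:-192.168.1.200}"
DC_FQDN="${DC_FQDN:-dc1.st.local}"
REALM="${REALM:-st.local}"

# Print the addresses a hosts-style file ($1) maps the DC's FQDN to,
# ignoring comments. The FQDN may be the canonical name or an alias.
hosts_addresses_for_fqdn() {
  sed 's/#.*//' "$1" | awk -v n="$DC_FQDN" '{ for (i = 2; i <= NF; i++) if ($i == n) print $1 }'
}

# Pass only if the FQDN resolves to the DC's LAN address and never to a
# loopback address. Ubuntu's default "127.0.1.1 <hostname>" line is the usual
# trap: the FQDN must resolve to the address clients will contact, not loopback.
check_hosts() {
  mapped=$(hosts_addresses_for_fqdn "$1")
  [ -n "$mapped" ] || { echo "hosts: $DC_FQDN is not present in $1"; return 1; }
  for ip in $mapped; do
    case "$ip" in
      127.*) echo "hosts: $DC_FQDN maps to loopback address $ip"; return 1 ;;
    esac
  done
  printf '%s\n' "$mapped" | grep -qxF "$DC_IP" \
    || { echo "hosts: $DC_FQDN maps to '$mapped', expected $DC_IP"; return 1; }
  echo "hosts: ok ($DC_FQDN -> $DC_IP)"
}

# Print the nameservers listed in a resolv.conf-style file ($1), in order.
resolv_nameservers() {
  sed 's/#.*//' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# The DC must be able to query its own zone: fail if its address is not a
# nameserver at all; only warn if it is not the first one, because the
# resolver asks nameservers in order and moves on only when one does not answer.
check_resolv() {
  ns=$(resolv_nameservers "$1")
  printf '%s\n' "$ns" | grep -qxF "$DC_IP" \
    || { echo "resolv: $DC_IP is not listed as a nameserver in $1"; return 1; }
  first=$(printf '%s\n' "$ns" | head -n 1)
  [ "$first" = "$DC_IP" ] \
    || echo "resolv: warning: first nameserver is $first; AD names are asked of it before $DC_IP"
  sed 's/#.*//' "$1" | awk '$1 == "search" || $1 == "dns-search" { print $2 }' | grep -qxF "$REALM" \
    || echo "resolv: warning: search domain is not $REALM"
  echo "resolv: ok ($DC_IP is a nameserver)"
}

# Usage on the DC: sh preflight.sh run   (checks the live /etc files)
if [ "${1:-}" = "run" ]; then
  check_hosts /etc/hosts && check_resolv /etc/resolv.conf
fi
```

With the files shown on this page, `check_hosts` passes and `check_resolv` passes with a warning that 192.168.1.1 is asked before the DC itself; the same script fails on a hosts file where the FQDN sits on the 127.0.1.1 line.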

Install Git and fetch Samba 4:

sudo apt-get install git
cd ~/
git clone git://git.samba.org/samba.git samba-master

Configure, build and install Samba 4 with debug support:

cd samba-master
./configure --enable-debug --enable-selftest
make && sudo make install   # the build needs no root; the install into /usr/local/samba does

Next we provision a domain controller for the domain ST with Kerberos realm st.local, telling it to use the DNS server built into Samba 4:

sudo /usr/local/samba/bin/samba-tool domain provision \
--realm=st.local --dns-backend=SAMBA_INTERNAL --domain=ST \
--adminpass='D0main!' --server-role=dc

After the command completes we should see something like this:

Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=st,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=st,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              dc1
NetBIOS Domain:        ST
DNS Domain:            st.local
DOMAIN SID:            S-1-5-21-2670335469-2012244559-3775614954
stano@dc1:/usr/local/samba/etc$

Copy the Kerberos 5 configuration file to /etc:

sudo cp /usr/local/samba/private/krb5.conf /etc

We also need to set a DNS forwarder for names that are not in the domain:

cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        workgroup = ST
        realm = st.local
        netbios name = DC1
        server role = active directory domain controller
        dns forwarder = 192.168.1.1

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/st.local/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

Then we start Samba 4 at debug level 2:

sudo /usr/local/samba/sbin/samba -i -M single -d 2

And we should see the following:

samba version 4.1.0pre1-GIT-eae01b0 started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
samba: using 'single' process model
dreplsrv_partition[CN=Configuration,DC=st,DC=local] loaded
dreplsrv_partition[CN=Schema,CN=Configuration,DC=st,DC=local] loaded
dreplsrv_partition[DC=st,DC=local] loaded
dreplsrv_partition[DC=DomainDnsZones,DC=st,DC=local] loaded
dreplsrv_partition[DC=ForestDnsZones,DC=st,DC=local] loaded
kccsrv_partition[DC=st,DC=local] loaded
kccsrv_partition[CN=Configuration,DC=st,DC=local] loaded
kccsrv_partition[CN=Schema,CN=Configuration,DC=st,DC=local] loaded
kccsrv_partition[DC=DomainDnsZones,DC=st,DC=local] loaded
kccsrv_partition[DC=ForestDnsZones,DC=st,DC=local] loaded
/usr/local/samba/sbin/smbd: smbd version 4.1.0pre1-GIT-eae01b0 started.
/usr/local/samba/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013
/usr/local/samba/sbin/smbd: Unable to open printcap file /etc/printcap for read!
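With the server running, the following added example (not part of the original post and not a Samba tool) checks the pieces a client relies on when it joins: the SRV records the internal DNS backend creates during provisioning, a Kerberos ticket for the administrator account, the netlogon and sysvol shares from smb.conf, and the consistency check `samba-tool dbcheck`. The paths, domain and host names come from this page; the helper functions, the list of records and the `run` argument are assumptions of the example.

```shell
#!/bin/sh
# Post-provision checks for the DC started above. Added example, not part
# of the original post; paths and names are the post's, helpers are the
# example's own. Run on the DC with:  sh verify_dc.sh run
set -u
SAMBA=/usr/local/samba
REALM="${REALM:-st.local}"
# provision upper-cases the Kerberos realm name
KRB_REALM=$(printf '%s' "$REALM" | tr '[:lower:]' '[:upper:]')
DC_FQDN="${DC_FQDN:-dc1.st.local}"
DC_IP="${DC_IP:-192.168.1.200}"

# SRV records a Windows client queries when locating a domain controller.
ad_srv_names() {
  printf '%s\n' "_ldap._tcp.$REALM" "_kerberos._udp.$REALM" \
                "_kerberos._tcp.$REALM" "_ldap._tcp.dc._msdcs.$REALM"
}

# $1 = output of 'host -t SRV <name> <server>'. True when at least one answer
# line ("<name> has SRV record <prio> <weight> <port> <target>.") names the DC.
srv_points_to_dc() {
  printf '%s\n' "$1" | awk -v dc="$DC_FQDN." \
    '$2 == "has" && $3 == "SRV" && $NF == dc { found = 1 } END { if (found) exit 0; exit 1 }'
}

# Ask the DC's own DNS server for every record and make sure each one
# points back at the DC.
check_dns() {
  for name in $(ad_srv_names); do
    out=$(host -t SRV "$name" "$DC_IP") || { echo "FAIL: $name: no answer from $DC_IP"; return 1; }
    srv_points_to_dc "$out" || { echo "FAIL: $name does not point at $DC_FQDN"; return 1; }
    echo "ok: $name -> $DC_FQDN"
  done
}

# Obtain a TGT for the administrator account (kinit prompts for the password)
# and confirm the ticket was issued by the expected realm, then drop it.
check_kerberos() {
  kinit "administrator@$KRB_REALM" || { echo "FAIL: kinit for $KRB_REALM"; return 1; }
  klist | grep -q "krbtgt/$KRB_REALM@$KRB_REALM" || { echo "FAIL: no TGT for $KRB_REALM"; return 1; }
  kdestroy
  echo "ok: Kerberos TGT for $KRB_REALM"
}

# The netlogon and sysvol shares must be listed; an anonymous listing is
# enough, nothing is read from them.
check_shares() {
  out=$("$SAMBA/bin/smbclient" -L localhost -U% -N) || { echo "FAIL: smbclient -L localhost"; return 1; }
  for share in netlogon sysvol; do
    printf '%s\n' "$out" | grep -qi "^[[:space:]]*$share[[:space:]]" \
      || { echo "FAIL: share $share not listed"; return 1; }
  done
  echo "ok: netlogon and sysvol are listed"
}

# Consistency check of the provisioned databases.
check_db() {
  sudo "$SAMBA/bin/samba-tool" dbcheck > /dev/null || { echo "FAIL: samba-tool dbcheck"; return 1; }
  echo "ok: samba-tool dbcheck"
}

run_all() { check_dns && check_kerberos && check_shares && check_db; }

if [ "${1:-}" = "run" ]; then
  run_all
fi
```

The DNS part is the one to watch after any change to /etc/resolv.conf or the `dns forwarder` line: the records are served by the DC's internal DNS, so the queries are sent to the DC's address explicitly rather than to whatever the system resolver happens to use.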

Once all this is done we can join Windows machines to the domain, and also add a second domain controller running Windows 2003, 2008 or later. Raising the domain functional level:

sudo /usr/local/samba/bin/samba-tool domain level raise --domain-level=2008

Raising the forest functional level:

sudo /usr/local/samba/bin/samba-tool domain level raise --forest-level=2008
