Active Directory Samba4
:
-4.03
..
:
..
2014
Windows.
Windows Server AD CAL .
AD: , ..
Active Directory (AD) Domain Controller (DC) Ubuntu Server.
Ubuntu Server 12.04.4 LTS Ubuntu Server 13.10,
1. Ubuntu
Ubuntu-server .
(hostname) ( dc1.domain.local), .
DHCP-, IP-, , DNS.
, OpenSSH server, , , .
2.
/etc/network/interfaces
. nano, vi ..
root ,
sudo su
, root.
root #
, root , sudo
sudo nano /etc/network/interfaces
, ,
iface eth0 inet dhcp
ip-.
:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.10.1
netmask 255.255.255.0
gateway 192.168.10.10
dns-nameservers 192.168.10.10
dns-search domain.local domain
/etc/init.d/networking restart
3.
OpenSSH server ,
apt-get install ssh
,
apt-get update && apt-get upgrade
, ntp-
|
|
apt-get install ntp
Samba4 , .
apt-get install git checkinstall build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr docbook-xsl libcups2-dev acl
4. Samba4
Samba vfs , /etc/fstab, user_xattr,acl,barrier=1 /
nano /etc/fstab
, - :
/dev/mapper/dc1--vg-root / ext4 user_xattr,acl,barrier=1, errors=remount-ro 0 1
reboot
root
sudo su
Samba GIT
cd /usr/src
git clone -b v4-1-stable git://git.samba.org/samba.git samba-v4-1-stable
, Samba
cd samba-v4-1-stable &&./configure --enable-debug && make && checkinstall
--enable-debug Samba.
, Samba ( ), , /usr/local/samba/sbin /usr/local/samba/bin /etc/sudoers secure_path /etc/environment PATH, :/usr/local/samba/sbin:/usr/local/samba/bin
nano /etc/sudoers
- :
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin :/usr/local/samba/sbin:/usr/local/samba/bin "
nano /etc/environment
- :
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games :/usr/local/samba/sbin:/usr/local/samba/bin "
( )
reboot
5. AD
DNS AD Samba, bind
service bind9 stop && update-rc.d bind9 disable
AD Samba samba-tool.
Samba
samba-tool domain provision
, , , .
Administrator AD, : , , 8 .
:
ERROR(ldb): uncaught exception 0000052D: Constraint violation check_password_restrictions: the password is too short. It should be equal or longer than 7 characters!
, /usr/local/samba/private/ /usr/local/samba/etc/
samba-tool domain passwordsettings set --min-pwd-length=6 --complexity=off --max-pwd-age=0 --min-pwd-age=0
|
|
, , 6
Samba [global]
nano /usr/local/samba/etc/smb.conf
allow dns updates = nonsecure and secure
printing = bsd
printcap name = /dev/null
DNS- , ( windows) , .
/etc/resolvconf/resolv.conf.d/head DNS- Samba 127.0.0.1
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head
resolvconf
service resolvconf restart
Kerberos
apt-get install krb5-user
AD samba-tool domain provision
mv /etc/krb5.conf /etc/krb5.conf.old
cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
Samba :
nano /etc/init.d/samba4
/etc/init.d/samba4
chmod 755 /etc/init.d/samba4
update-rc.d samba4 defaults
reboot
6.
samba
ps aux | grep samba
root 865 0.3 3.0 95408 31748? Ss 18:59 0:00 /usr/local/samba/sbin/samba -D
DNS
nslookup dc1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: dc1.domain.local
Address: 192.168.10.1
AD
smbclient -L localhost -U%
Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.6]
Sharename Type Comment
netlogon Disk
sysvol Disk
IPC$ IPC IPC Service (Samba 4.1.6)
Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.6]
Server Comment
Workgroup Master
-------
Kerberos
kinit administrator
Warning: Your password will expire in 41 days on Wed Apr 23 18:49:14 2014
Ticket kerberos'a
klist
Valid starting Expires Service principal
12/03/2014 19:17 13/03/2014 05:17 krbtgt/[email protected]
netlogon
smbclient //localhost/netlogon -UAdministrator -c 'ls'
Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.6]
. D 0 Wed Mar 12 18:46:48 2014
D 0 Wed Mar 12 18:49:15 2014
AD :
samba-tool Ubuntu
Administration Tools Pack Windows XP
Remote Server Administration Tools (RSAT) Windows 7
wiki Samba, :
wiki.samba.org/index.php/Samba_AD_DC_HOWTO, .
: http://habrahabr.ru/post/215573/