https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Sernet_Ubuntu 2026-06-29T13:18:19Z Versionsgeschichte dieser Seite in Xinux Wiki MediaWiki 1.35.1 https://wiki.ixheim.de/index.php?title=Sernet_Ubuntu&diff=11704&oldid=prev 2016-12-12T10:52:52Z

<p>Die Seite wurde neu angelegt: „=preparation= ==/etc/resolv.conf== nameserver 192.168.240.200 search xinux.org ==/etc/hostname== gondor.xinux.org ==/etc/hosts== 127.0.0.1 localhos…“</p> <p><b>Neue Seite</b></p><div>=preparation=<br /> ==/etc/resolv.conf==<br /> nameserver 192.168.240.200<br /> search xinux.org <br /> ==/etc/hostname== <br /> gondor.xinux.org<br /> ==/etc/hosts==<br /> 127.0.0.1 localhost<br /> 192.168.240.200 gondor gondor.xinux.org<br /> ==/etc/network/interfaces==<br /> &lt;pre&gt;<br /> auto lo<br /> iface lo inet loopback<br /> <br /> auto eth0<br /> iface eth0 inet static<br /> address 192.168.240.200<br /> netmask 255.255.248.0<br /> gateway 192.168.240.100<br /> dns-nameservers 192.168.240.200<br /> dns-search xinux.org <br /> &lt;/pre&gt;<br /> =create an account=<br /> https://portal.enterprisesamba.com/<br /> =add this to /etc/apt/source.list=<br /> change USERNAME and ACCESSKEY<br /> deb http://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/debian squeeze main<br /> deb-src http://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/debian squeeze main<br /> =The SerNet build key=<br /> wget http://ftp.sernet.de/pub/sernet-samba-keyring_1.4_all.deb<br /> dpkg -i sernet-samba-keyring_1.4_all.deb<br /> =update=<br /> apt-get update<br /> =install=<br /> apt-get install sernet-samba-ad<br /> =clean=<br /> rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb<br /> =provision=<br /> samba-tool domain provision<br /> =change in /etc/default/sernet-samba=<br /> SAMBA_START_MODE=&quot;ad&quot;<br /> =start samba ad=<br /> service sernet-samba-ad start <br /> Starting SAMBA AD services : *<br /> =test share=<br /> smbclient -L localhost -U%<br /> <br /> =test the serverports=<br /> &lt;pre&gt;<br /> netstat -ltp <br /> <br /> Aktive Internetverbindungen (Nur Server)<br /> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name<br /> tcp 0 0 *:domain *:* LISTEN 2579/samba <br /> tcp 0 0 *:kerberos *:* LISTEN 2573/samba <br /> tcp 0 0 *:8472 *:* LISTEN 790/sshd <br /> tcp 0 0 *:ldaps *:* LISTEN 2571/samba <br /> tcp 0 0 *:microsoft-ds *:* LISTEN 2570/smbd <br /> tcp 0 0 *:1024 *:* LISTEN 2567/samba <br /> tcp 0 0 *:3268 *:* LISTEN 2571/samba <br /> tcp 0 0 *:3269 *:* LISTEN 2571/samba <br /> tcp 0 0 *:ldap *:* LISTEN 2571/samba <br /> tcp 0 0 *:loc-srv *:* LISTEN 2567/samba <br /> tcp 0 0 *:netbios-ssn *:* LISTEN 2570/smbd <br /> tcp 0 0 *:kpasswd *:* LISTEN 2573/samba <br /> tcp6 0 0 [::]:domain [::]:* LISTEN 2579/samba <br /> tcp6 0 0 [::]:kerberos [::]:* LISTEN 2573/samba <br /> tcp6 0 0 [::]:8472 [::]:* LISTEN 790/sshd <br /> tcp6 0 0 [::]:ldaps [::]:* LISTEN 2571/samba <br /> tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN 2570/smbd <br /> tcp6 0 0 [::]:1024 [::]:* LISTEN 2567/samba <br /> tcp6 0 0 [::]:3268 [::]:* LISTEN 2571/samba <br /> tcp6 0 0 [::]:3269 [::]:* LISTEN 2571/samba <br /> tcp6 0 0 [::]:ldap [::]:* LISTEN 2571/samba <br /> tcp6 0 0 [::]:loc-srv [::]:* LISTEN 2567/samba <br /> tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN 2570/smbd <br /> tcp6 0 0 [::]:kpasswd [::]:* LISTEN 2573/samba <br /> &lt;/pre&gt;<br /> =test dns=<br /> DOMAIN=&quot;xinux.org&quot;<br /> CONTROLLER=&quot;gondor&quot;<br /> ==ldap== <br /> host -t SRV _ldap._tcp.$DOMAIN<br /> _ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.<br /> ==kerberos==<br /> host -t SRV _kerberos._udp.$DOMAIN<br /> _kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.<br /> ==hostname==<br /> host -t A $CONTROLLER.$DOMAIN<br /> gondor.xinux.org has address 192.168.240.200<br /> =nsswitch=<br /> ==change /etc/nsswitch.conf==<br /> passwd: compat winbind<br /> group: compat winbind<br /> ==test passwd==<br /> getent passwd | grep XINUX<br /> <br /> XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false<br /> XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false<br /> XINUX\krbtgt:*:3000016:100::/home/XINUX/krbtgt:/bin/false<br /> <br /> ==test group==<br /> getent group | grep XINUX<br /> <br /> XINUX\Enterprise Read-Only Domain Controllers:*:3000017:<br /> XINUX\Domain Admins:*:3000008:<br /> XINUX\Domain Users:*:100:<br /> XINUX\Domain Guests:*:3000012:<br /> XINUX\Domain Computers:*:3000018:<br /> XINUX\Domain Controllers:*:3000019:<br /> XINUX\Schema Admins:*:3000007:<br /> XINUX\Enterprise Admins:*:3000006:<br /> XINUX\Group Policy Creator Owners:*:3000004:<br /> XINUX\Read-Only Domain Controllers:*:3000020:<br /> XINUX\DnsUpdateProxy:*:3000021:<br /> =kerberos=<br /> ==install heimdal-clients==<br /> apt-get install heimdal-clients<br /> ==copy config==<br /> cp /var/lib/samba/private/krb5.conf /etc/krb5.conf<br /> ==test kerberos==<br /> ===kinit===<br /> kinit Administrator<br /> <br /> Administrator@XINUX.ORG's Password: <br /> ===klist=== <br /> klist<br /> <br /> Credentials cache: FILE:/tmp/krb5cc_0<br /> Principal: Administrator@XINUX.ORG<br /> <br /> Issued Expires Principal<br /> Jun 25 14:31:42 2014 Jun 26 00:31:34 2014 krbtgt/XINUX.ORG@XINUX.ORG<br /> =ldap=<br /> ==test over ldapserver localhost==<br /> ldbsearch -H ldaps://localhost &quot;cn=administrator&quot; -U administrator<br /> <br /> =timeserver=<br /> ==install==<br /> apt-get install ntp<br /> ==/etc/ntp.conf==<br /> &lt;pre&gt;<br /> server 127.127.1.0<br /> fudge 127.127.1.0 stratum 10<br /> server 0.pool.ntp.org iburst prefer<br /> server 1.pool.ntp.org iburst prefer<br /> driftfile /var/lib/ntp/ntp.drift<br /> logfile /var/log/ntp<br /> ntpsigndsocket /var/lib/samba/ntp_signd/<br /> restrict default kod nomodify notrap nopeer mssntp<br /> restrict 127.0.0.1<br /> restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery<br /> restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery<br /> &lt;/pre&gt;<br /> ==/var/lib/samba/ntp_signd==<br /> chgrp ntp /var/lib/samba/ntp_signd<br /> chmod g+rx /var/lib/samba/ntp_signd<br /> =[[Usermanagment]]=</div>

Thomas