Sernet Suse: Difference between revisions
Thomas (Talk | contribs) |
Thomas (Talk | contribs) (→update) |
||
| Zeile 45: | Zeile 45: | ||
=update= | =update= | ||
| − | + | *zypper refresh | |
| + | *zypper update | ||
=install= | =install= | ||
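Review bot: the two lines added under =update= (*zypper refresh and *zypper update) are entered as bullet-list items, whereas the command in the neighbouring =install= section (zypper install sernet-samba-ad) is rendered as a plain command line. Suggest putting each command on its own line with a leading space so it renders as preformatted text like the other sections and can be copied without the bullet.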
Revision as of 14:03, 12 December 2016
preparation
/etc/resolv.conf
nameserver 192.168.240.200
search xinux.lan
/etc/hostname
susi.xinux.lan
/etc/hosts
127.0.0.1 localhost
192.168.240.29 susi susi.xinux.lan
/etc/sysconfig/network/ifcfg-eth0
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.240.29/21'
MTU=''
NAME=''
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
DHCLIENT_SET_DEFAULT_ROUTE='yes'
/etc/sysconfig/network/routes
default 192.168.240.100 - -
create an account
https://portal.enterprisesamba.com/
add the following to /etc/zypp/repos.d/sernet-samba-4.2.repo
replace USERNAME and ACCESSKEY with your own values
[sernet-samba-4.2]
name=SerNet Samba 4.2 Packages (sles-12)
type=rpm-md
baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/
gpgcheck=1
gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/repodata/repomd.xml.key
enabled=1
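Because the repo file above carries USERNAME:ACCESSKEY in its URLs, it is worth checking that it is readable by its owner only and that signature checking and https stay enabled. The following is an added example, not part of the original page; the function name audit_repo and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a zypper .repo file such as the SerNet one above.
# Prints one finding per line; prints nothing when the file passes.
audit_repo() {
    file=$1
    key='^[[:space:]]*(baseurl|gpgkey)[[:space:]]*='
    # Signature verification must stay on so package signatures are checked.
    grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$file" ||
        echo "gpgcheck is not set to 1"
    # Packages and the signing key must be fetched over TLS.
    if grep -E "$key" "$file" | grep -Evq '=[[:space:]]*https://'; then
        echo "baseurl or gpgkey does not use https"
    fi
    # USERNAME:ACCESSKEY in the URL makes the file a secret: owner access only.
    if grep -Eq "${key}[[:space:]]*https?://[^/@:]+:[^/@]+@" "$file"; then
        perms=$(ls -ld "$file" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] ||
            echo "credentials in URL but file is accessible to group/other ($perms)"
    fi
    return 0
}

# Constructed sample: the repo file from this page with placeholder credentials.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sernet-samba-4.2]
name=SerNet Samba 4.2 Packages (sles-12)
type=rpm-md
baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/
gpgcheck=1
gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/repodata/repomd.xml.key
enabled=1
EOF
chmod 644 "$sample"; echo "mode 644:"; audit_repo "$sample"
chmod 600 "$sample"; echo "mode 600:"; audit_repo "$sample"
```

On the real system the same check is audit_repo /etc/zypp/repos.d/sernet-samba-4.2.repo, with chmod 600 as the fix for the permission finding.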
The SerNet build key
wget https://download.sernet.de/pub/sernet-build-key-1.1-5.noarch.rpm
rpm -i sernet-build-key-1.1-5.noarch.rpm
update
- zypper refresh
- zypper update
install
zypper install sernet-samba-ad
clean
rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
provision
- samba-tool domain provision
Realm [XINUX.LAN]:
Domain [XINUX]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.255.250]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
More than one IPv6 address found. Using fd11:8fd3:475e:0:20c:29ff:fe99:fc27
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=xinux,DC=lan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=xinux,DC=lan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: susi
NetBIOS Domain: XINUX
DNS Domain: xinux.lan
DOMAIN SID: S-1-5-21-3500209156-804325877-3868805387
start samba ad
service sernet-samba-ad start
Starting SAMBA AD services : *
smbclient -L localhost -U%
test the serverports
netstat -ltp
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address     Foreign Address State  PID/Program name
tcp   0      0      *:domain          *:*             LISTEN 2579/samba
tcp   0      0      *:kerberos        *:*             LISTEN 2573/samba
tcp   0      0      *:8472            *:*             LISTEN 790/sshd
tcp   0      0      *:ldaps           *:*             LISTEN 2571/samba
tcp   0      0      *:microsoft-ds    *:*             LISTEN 2570/smbd
tcp   0      0      *:1024            *:*             LISTEN 2567/samba
tcp   0      0      *:3268            *:*             LISTEN 2571/samba
tcp   0      0      *:3269            *:*             LISTEN 2571/samba
tcp   0      0      *:ldap            *:*             LISTEN 2571/samba
tcp   0      0      *:loc-srv         *:*             LISTEN 2567/samba
tcp   0      0      *:netbios-ssn     *:*             LISTEN 2570/smbd
tcp   0      0      *:kpasswd         *:*             LISTEN 2573/samba
tcp6  0      0      [::]:domain       [::]:*          LISTEN 2579/samba
tcp6  0      0      [::]:kerberos     [::]:*          LISTEN 2573/samba
tcp6  0      0      [::]:8472         [::]:*          LISTEN 790/sshd
tcp6  0      0      [::]:ldaps        [::]:*          LISTEN 2571/samba
tcp6  0      0      [::]:microsoft-ds [::]:*          LISTEN 2570/smbd
tcp6  0      0      [::]:1024         [::]:*          LISTEN 2567/samba
tcp6  0      0      [::]:3268         [::]:*          LISTEN 2571/samba
tcp6  0      0      [::]:3269         [::]:*          LISTEN 2571/samba
tcp6  0      0      [::]:ldap         [::]:*          LISTEN 2571/samba
tcp6  0      0      [::]:loc-srv      [::]:*          LISTEN 2567/samba
tcp6  0      0      [::]:netbios-ssn  [::]:*          LISTEN 2570/smbd
tcp6  0      0      [::]:kpasswd      [::]:*          LISTEN 2573/samba
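Reading the listener table by eye gets error-prone; the check can be scripted by comparing numeric netstat output with the TCP ports a domain controller is expected to offer and listing everything else as extra exposure to review. This is an added example, not part of the original page; the function names and the numeric sample (the listeners above rewritten with port numbers) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets with the ports an AD DC should offer.
# Reads `netstat -ltnp` style output on stdin (numeric ports, hence -n).
dc_port_report() {
    # 53 domain, 88 kerberos, 135 loc-srv, 139 netbios-ssn, 389 ldap,
    # 445 microsoft-ds, 464 kpasswd, 636 ldaps, 3268/3269 global catalog
    awk -v want="53 88 135 139 389 445 464 636 3268 3269" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")      # last piece is the port, also for :::53
            seen[part[n]] = $7            # remember PID/program for the report
        }
        END {
            m = split(want, w, " ")
            for (i = 1; i <= m; i++) {
                expected[w[i]] = 1
                if (!(w[i] in seen)) print "MISSING " w[i]
            }
            for (p in seen)
                if (!(p in expected)) print "EXTRA " p " " seen[p]
        }' | sort
}

# Constructed sample: the listeners shown above, rewritten in numeric form.
sample_listeners() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0 0 0.0.0.0:53    0.0.0.0:* LISTEN 2579/samba
tcp   0 0 0.0.0.0:88    0.0.0.0:* LISTEN 2573/samba
tcp   0 0 0.0.0.0:8472  0.0.0.0:* LISTEN 790/sshd
tcp   0 0 0.0.0.0:636   0.0.0.0:* LISTEN 2571/samba
tcp   0 0 0.0.0.0:445   0.0.0.0:* LISTEN 2570/smbd
tcp   0 0 0.0.0.0:1024  0.0.0.0:* LISTEN 2567/samba
tcp   0 0 0.0.0.0:3268  0.0.0.0:* LISTEN 2571/samba
tcp   0 0 0.0.0.0:3269  0.0.0.0:* LISTEN 2571/samba
tcp   0 0 0.0.0.0:389   0.0.0.0:* LISTEN 2571/samba
tcp   0 0 0.0.0.0:135   0.0.0.0:* LISTEN 2567/samba
tcp   0 0 0.0.0.0:139   0.0.0.0:* LISTEN 2570/smbd
tcp6  0 0 :::464        :::*      LISTEN 2573/samba
EOF
}
sample_listeners | dc_port_report
```

On the server itself, feed it live data with netstat -ltnp | dc_port_report; EXTRA lines are not errors, only listeners that the firewall rules should account for.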
test dns
DOMAIN="xinux.org"
CONTROLLER="gondor"
ldap
host -t SRV _ldap._tcp.$DOMAIN
_ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.
kerberos
host -t SRV _kerberos._udp.$DOMAIN
_kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.
hostname
host -t A $CONTROLLER.$DOMAIN
gondor.xinux.org has address 192.168.240.200
nsswitch
change /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
test passwd
getent passwd | grep XINUX
XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
XINUX\krbtgt:*:3000016:100::/home/XINUX/krbtgt:/bin/false
test group
getent group | grep XINUX
XINUX\Enterprise Read-Only Domain Controllers:*:3000017:
XINUX\Domain Admins:*:3000008:
XINUX\Domain Users:*:100:
XINUX\Domain Guests:*:3000012:
XINUX\Domain Computers:*:3000018:
XINUX\Domain Controllers:*:3000019:
XINUX\Schema Admins:*:3000007:
XINUX\Enterprise Admins:*:3000006:
XINUX\Group Policy Creator Owners:*:3000004:
XINUX\Read-Only Domain Controllers:*:3000020:
XINUX\DnsUpdateProxy:*:3000021:
kerberos
install heimdal-clients
apt-get install heimdal-clients
copy config
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
test kerberos
kinit
kinit Administrator
Administrator@XINUX.ORG's Password:
klist
klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: Administrator@XINUX.ORG
Issued Expires Principal
Jun 25 14:31:42 2014 Jun 26 00:31:34 2014 krbtgt/XINUX.ORG@XINUX.ORG
ldap
test against the LDAP server on localhost
ldbsearch -H ldaps://localhost "cn=administrator" -U administrator
timeserver
install
apt-get install ntp
/etc/ntp.conf
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 0.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
ntpsigndsocket /var/lib/samba/ntp_signd/
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
/var/lib/samba/ntp_signd
chgrp ntp /var/lib/samba/ntp_signd
chmod g+rx /var/lib/samba/ntp_signd