Sernet Suse: Difference between revisions

From Xinux Wiki

(22 intermediate revisions by one other user are not shown)
Zeile 9: Zeile 9:
 
==/etc/hosts==
 
==/etc/hosts==
 
  127.0.0.1      localhost
 
  127.0.0.1      localhost
  192.168.240.29  susi susi.xinux.lan
+
  192.168.240.29  susi.xinux.lan susi
  
 
==/etc/sysconfig/network/ifcfg-eth0 ==
 
==/etc/sysconfig/network/ifcfg-eth0 ==
Zeile 32: Zeile 32:
 
=add this to /etc/zypp/repos.d/sernet-samba-4.2.repo=
 
=add this to /etc/zypp/repos.d/sernet-samba-4.2.repo=
 
change USERNAME and ACCESSKEY
 
change USERNAME and ACCESSKEY
  name=SerNet Samba 4.2 Packages (suse-13.2)
+
[sernet-samba-4.2]
 +
  name=SerNet Samba 4.2 Packages (sles-12)
 
  type=rpm-md
 
  type=rpm-md
  baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/suse/13.2/
+
  baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/
 
  gpgcheck=1
 
  gpgcheck=1
  gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/suse/13.2/repodata/repomd.xml.key
+
  gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/repodata/repomd.xml.key
 
  enabled=1
 
  enabled=1
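Review bot: In the repo stanza, both the baseurl and the gpgkey line carry USERNAME:ACCESSKEY inside the URL, so /etc/zypp/repos.d/sernet-samba-4.2.repo stores the portal access key in clear text. The step "change USERNAME and ACCESSKEY" should also say to restrict the file to root (for example mode 600). The gpgkey URL sits under the same path as the packages it is meant to verify, so the page should also say how the key is checked independently of that download.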
  
Zeile 44: Zeile 45:
  
 
=update=
 
=update=
apt-get update
+
*zypper refresh
 +
*zypper update
 +
 
 
=install=
 
=install=
  apt-get install sernet-samba-ad
+
  zypper install sernet-samba-ad
 +
 
 
=clean=
 
=clean=
 
  rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
 
  rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
 
=provision=
 
=provision=
samba-tool domain provision
+
*samba-tool domain provision
=change in /etc/default/sernet-samba=
+
<pre>
  SAMBA_START_MODE="ad"
+
Realm [XINUX.LAN]:
 +
Domain [XINUX]:
 +
Server Role (dc, member, standalone) [dc]:
 +
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 +
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.255.250]:
 +
Administrator password:
 +
Retype password:
 +
Looking up IPv4 addresses
 +
Looking up IPv6 addresses
 +
More than one IPv6 address found. Using fd11:8fd3:475e:0:20c:29ff:fe99:fc27
 +
Setting up share.ldb
 +
Setting up secrets.ldb
 +
Setting up the registry
 +
Setting up the privileges database
 +
Setting up idmap db
 +
Setting up SAM db
 +
Setting up sam.ldb partitions and settings
 +
Setting up sam.ldb rootDSE
 +
Pre-loading the Samba 4 and AD schema
 +
Adding DomainDN: DC=xinux,DC=lan
 +
Adding configuration container
 +
Setting up sam.ldb schema
 +
Setting up sam.ldb configuration data
 +
Setting up display specifiers
 +
Modifying display specifiers
 +
Adding users container
 +
Modifying users container
 +
Adding computers container
 +
Modifying computers container
 +
Setting up sam.ldb data
 +
Setting up well known security principals
 +
Setting up sam.ldb users and groups
 +
Setting up self join
 +
Adding DNS accounts
 +
Creating CN=MicrosoftDNS,CN=System,DC=xinux,DC=lan
 +
Creating DomainDnsZones and ForestDnsZones partitions
 +
Populating DomainDnsZones and ForestDnsZones partitions
 +
Setting up sam.ldb rootDSE marking as synchronized
 +
Fixing provision GUIDs
 +
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
 +
Once the above files are installed, your Samba4 server will be ready to use
 +
Server Role:          active directory domain controller
 +
Hostname:              susi
 +
NetBIOS Domain:        XINUX
 +
DNS Domain:            xinux.lan
 +
DOMAIN SID:            S-1-5-21-3500209156-804325877-3868805387
 +
</pre>
 +
 
 +
==/etc/resolv.conf==
 +
  nameserver 192.168.240.29
 +
search xinux.lan
 +
 
 +
==enable AD Services==
 +
*sed -ie "/SAMBA_START_MODE/s/none/ad/" /etc/default/sernet-samba
 +
 
 
=start samba ad=
 
=start samba ad=
 
  service sernet-samba-ad start  
 
  service sernet-samba-ad start  
 
  Starting SAMBA AD services :  *
 
  Starting SAMBA AD services :  *
 +
 
=test share=
 
=test share=
 
  smbclient -L localhost -U%
 
  smbclient -L localhost -U%
  
 
=test the serverports=
 
=test the serverports=
 +
*netstat -ltp
 +
<pre>
 +
Active Internet connections (only servers)
 +
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
 +
tcp        0      0 *:domain                *:*                    LISTEN      3133/samba         
 +
tcp        0      0 *:ssh                  *:*                    LISTEN      1543/sshd         
 +
tcp        0      0 *:kerberos              *:*                    LISTEN      3125/samba         
 +
tcp        0      0 *:otv                  *:*                    LISTEN      1543/sshd         
 +
tcp        0      0 localhost:smtp          *:*                    LISTEN      1374/master       
 +
tcp        0      0 *:ldaps                *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:microsoft-ds          *:*                    LISTEN      3128/smbd         
 +
tcp        0      0 *:1024                  *:*                    LISTEN      3120/samba         
 +
tcp        0      0 *:msft-gc              *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:msft-gc-ssl          *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:ldap                  *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:epmap                *:*                    LISTEN      3120/samba         
 +
tcp        0      0 *:netbios-ssn          *:*                    LISTEN      3128/smbd         
 +
tcp        0      0 *:kpasswd              *:*                    LISTEN      3125/samba         
 +
tcp        0      0 *:domain                *:*                    LISTEN      3133/samba         
 +
tcp        0      0 *:ssh                  *:*                    LISTEN      1543/sshd         
 +
tcp        0      0 *:kerberos              *:*                    LISTEN      3125/samba         
 +
tcp        0      0 *:otv                  *:*                    LISTEN      1543/sshd         
 +
tcp        0      0 localhost:smtp          *:*                    LISTEN      1374/master       
 +
tcp        0      0 *:ldaps                *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:microsoft-ds          *:*                    LISTEN      3128/smbd         
 +
tcp        0      0 *:1024                  *:*                    LISTEN      3120/samba         
 +
tcp        0      0 *:msft-gc              *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:msft-gc-ssl          *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:ldap                  *:*                    LISTEN      3123/samba         
 +
tcp        0      0 *:epmap                *:*                    LISTEN      3120/samba         
 +
tcp        0      0 *:netbios-ssn          *:*                    LISTEN      3128/smbd         
 +
tcp        0      0 *:kpasswd              *:*                    LISTEN      3125/samba         
 +
 
 +
</pre>
 +
 +
==Is the Domain reachable==
 +
*smbclient -L localhost -UAdministrator%'12X!nux99'
 
<pre>
 
<pre>
netstat -ltp
+
Domain=[XINUX] OS=[Windows 6.1] Server=[Samba 4.2.14-SerNet-SuSE-23.suse132]
  
Aktive Internetverbindungen (Nur Server)
+
Sharename      Type      Comment
Proto Recv-Q Send-Q Local Address          Foreign Address        State       PID/Program name
+
---------      ----     -------
tcp        0     0 *:domain                *:*                    LISTEN      2579/samba     
+
netlogon       Disk      
tcp        0      0 *:kerberos              *:*                    LISTEN      2573/samba     
+
sysvol          Disk      
tcp        0      0 *:8472                  *:*                    LISTEN      790/sshd       
+
IPC$            IPC       IPC Service (Samba 4.2.14-SerNet-SuSE-23.suse132)
tcp        0      0 *:ldaps                *:*                    LISTEN      2571/samba     
 
tcp        0      0 *:microsoft-ds          *:*                    LISTEN      2570/smbd     
 
tcp        0      0 *:1024                  *:*                    LISTEN      2567/samba     
 
tcp        0      0 *:3268                  *:*                    LISTEN      2571/samba     
 
tcp        0      0 *:3269                  *:*                    LISTEN      2571/samba     
 
tcp        0      0 *:ldap                  *:*                    LISTEN      2571/samba     
 
tcp        0      0 *:loc-srv              *:*                    LISTEN      2567/samba     
 
tcp        0      0 *:netbios-ssn          *:*                    LISTEN      2570/smbd     
 
tcp       0      0 *:kpasswd              *:*                    LISTEN      2573/samba      
 
tcp6      0      0 [::]:domain            [::]:*                  LISTEN      2579/samba      
 
tcp6       0      0 [::]:kerberos          [::]:*                  LISTEN      2573/samba     
 
tcp6      0      0 [::]:8472              [::]:*                  LISTEN      790/sshd       
 
tcp6      0      0 [::]:ldaps              [::]:*                  LISTEN      2571/samba     
 
tcp6      0      0 [::]:microsoft-ds      [::]:*                  LISTEN      2570/smbd     
 
tcp6      0      0 [::]:1024              [::]:*                  LISTEN      2567/samba     
 
tcp6      0      0 [::]:3268              [::]:*                  LISTEN      2571/samba     
 
tcp6      0      0 [::]:3269              [::]:*                  LISTEN      2571/samba     
 
tcp6      0      0 [::]:ldap              [::]:*                  LISTEN      2571/samba     
 
tcp6      0      0 [::]:loc-srv            [::]:*                  LISTEN      2567/samba     
 
tcp6      0      0 [::]:netbios-ssn        [::]:*                  LISTEN      2570/smbd     
 
tcp6      0      0 [::]:kpasswd            [::]:*                  LISTEN      2573/samba   
 
 
</pre>
 
</pre>
 +
 
=test dns=
 
=test dns=
DOMAIN="xinux.org"
+
*DOMAIN="xinux.lan"
CONTROLLER="gondor"
+
*CONTROLLER="susi"
 
==ldap==  
 
==ldap==  
host -t SRV _ldap._tcp.$DOMAIN
+
*host -t SRV _ldap._tcp.$DOMAIN
 
  _ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.
 
  _ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.
 
==kerberos==
 
==kerberos==
host -t SRV _kerberos._udp.$DOMAIN
+
*host -t SRV _kerberos._udp.$DOMAIN
 
  _kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.
 
  _kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.
 
==hostname==
 
==hostname==
host -t A $CONTROLLER.$DOMAIN
+
*host -t A $CONTROLLER.$DOMAIN
 
  gondor.xinux.org has address 192.168.240.200
 
  gondor.xinux.org has address 192.168.240.200
 +
 
=nsswitch=
 
=nsswitch=
 
==change /etc/nsswitch.conf==
 
==change /etc/nsswitch.conf==
 
  passwd:        compat winbind
 
  passwd:        compat winbind
 
  group:          compat winbind
 
  group:          compat winbind
 +
 +
==user wbinfo==
 +
*wbinfo -u
 +
administrator
 +
krbtgt
 +
guest
 +
==group wbinfo==
 +
*wbinfo -g
 +
enterprise read-only domain controllers
 +
domain admins
 +
domain users
 +
domain guests
 +
domain computers
 +
domain controllers
 +
schema admins
 +
enterprise admins
 +
group policy creator owners
 +
read-only domain controllers
 +
dnsupdateproxy
 +
 +
==trust wbinfo==
 +
*wbinfo -t
 +
checking the trust secret for domain XINUX via RPC calls succeeded
 +
 
==test passwd==
 
==test passwd==
 
  getent passwd | grep XINUX
 
  getent passwd | grep XINUX
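Review bot: The added line smbclient -L localhost -UAdministrator%'12X!nux99' under "Is the Domain reachable" publishes what looks like a real Administrator password and passes it on the command line, where it ends up in the shell history and the process list. Use -UAdministrator and let smbclient prompt, and replace the value on the page with a placeholder. In the same hunk the netstat -ltp listing appears twice inside the new pre block, and under "test dns" the variables now say xinux.lan and susi while the sample output below them still names gondor.xinux.org.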
Zeile 127: Zeile 228:
 
  XINUX\Read-Only Domain Controllers:*:3000020:
 
  XINUX\Read-Only Domain Controllers:*:3000020:
 
  XINUX\DnsUpdateProxy:*:3000021:
 
  XINUX\DnsUpdateProxy:*:3000021:
 +
 
=kerberos=
 
=kerberos=
 
==install heimdal-clients==
 
==install heimdal-clients==
apt-get install heimdal-clients
+
*zypper install krb5-client
 +
 
 
==copy config==
 
==copy config==
 
  cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
 
  cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
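Review bot: The heading "install heimdal-clients" was left unchanged while the command under it became zypper install krb5-client. Rename the heading so that it matches the package that is actually installed.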
Zeile 136: Zeile 239:
 
  kinit Administrator
 
  kinit Administrator
 
   
 
   
  Administrator@XINUX.ORG's Password:  
+
  Administrator@XINUX.LAN's Password:
 +
 
 
===klist===  
 
===klist===  
klist
+
*kinit Administrator
 
   
 
   
 
  Credentials cache: FILE:/tmp/krb5cc_0
 
  Credentials cache: FILE:/tmp/krb5cc_0
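Review bot: Under ===klist=== the command was changed from klist to *kinit Administrator, so the section that is supposed to list the ticket cache now repeats the previous step. Keep klist as the command here. The unchanged "Credentials cache: FILE:/tmp/krb5cc_0" output that follows is klist output, not kinit output, so it no longer matches the command shown above it.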
Zeile 145: Zeile 249:
 
   Issued                Expires              Principal
 
   Issued                Expires              Principal
 
  Jun 25 14:31:42 2014  Jun 26 00:31:34 2014  krbtgt/XINUX.ORG@XINUX.ORG
 
  Jun 25 14:31:42 2014  Jun 26 00:31:34 2014  krbtgt/XINUX.ORG@XINUX.ORG
 +
*klist
 +
Ticket cache: DIR::/run/user/0/krb5cc/tkt
 +
Default principal: Administrator@XINUX.LAN
 +
 +
Valid starting      Expires              Service principal
 +
12.12.2016 16:29:18  13.12.2016 02:29:18  krbtgt/XINUX.LAN@XINUX.LAN
 +
renew until 13.12.2016 16:29:12
 +
 
=ldap=
 
=ldap=
 +
==/etc/samba/smb.conf==
 +
[global]
 +
  ...
 +
  tls verify peer = no_check
 +
  ldap server require strong auth = no
 +
 +
 +
 
==test over ldapserver localhost==
 
==test over ldapserver localhost==
 
  ldbsearch -H ldaps://localhost  "cn=administrator" -U administrator
 
  ldbsearch -H ldaps://localhost  "cn=administrator" -U administrator
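Review bot: The two settings added to [global], tls verify peer = no_check and ldap server require strong auth = no, switch off certificate verification for Samba's TLS client connections and let the LDAP server accept binds without signing or TLS, and the page gives no reason for either. If they are only there so that the ldbsearch -H ldaps://localhost test works, say so next to the snippet and note that they should be removed again afterwards. The old klist output with krbtgt/XINUX.ORG@XINUX.ORG is also kept above the newly added XINUX.LAN output and should be dropped.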

Current revision as of 19 December 2016, 09:18

preparation

/etc/resolv.conf

nameserver 192.168.240.200
search xinux.lan

/etc/hostname

susi.xinux.lan

/etc/hosts

127.0.0.1       localhost
192.168.240.29  susi.xinux.lan susi

/etc/sysconfig/network/ifcfg-eth0

BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.240.29/21'
MTU=''
NAME=''
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
DHCLIENT_SET_DEFAULT_ROUTE='yes'

/etc/sysconfig/network/routes

default 192.168.240.100 - -

create an account

https://portal.enterprisesamba.com/

add this to /etc/zypp/repos.d/sernet-samba-4.2.repo

change USERNAME and ACCESSKEY

[sernet-samba-4.2]
name=SerNet Samba 4.2 Packages (sles-12)
type=rpm-md
baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/
gpgcheck=1
gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/sles/12/repodata/repomd.xml.key
enabled=1

The SerNet build key

wget https://download.sernet.de/pub/sernet-build-key-1.1-5.noarch.rpm
rpm -i sernet-build-key-1.1-5.noarch.rpm

update

  • zypper refresh
  • zypper update

install

zypper install  sernet-samba-ad

clean

rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb

provision

  • samba-tool domain provision
Realm [XINUX.LAN]: 
 Domain [XINUX]: 
 Server Role (dc, member, standalone) [dc]: 
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: 
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.255.250]: 
Administrator password: 
Retype password: 
Looking up IPv4 addresses
Looking up IPv6 addresses
More than one IPv6 address found. Using fd11:8fd3:475e:0:20c:29ff:fe99:fc27
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=xinux,DC=lan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=xinux,DC=lan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              susi
NetBIOS Domain:        XINUX
DNS Domain:            xinux.lan
DOMAIN SID:            S-1-5-21-3500209156-804325877-3868805387

/etc/resolv.conf

nameserver 192.168.240.29
search xinux.lan

enable AD Services

  • sed -i -e "/SAMBA_START_MODE/s/none/ad/" /etc/default/sernet-samba

start samba ad

service sernet-samba-ad start 
Starting SAMBA AD services :  *

test share

smbclient -L localhost -U%

test the serverports

  • netstat -ltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 *:domain                *:*                     LISTEN      3133/samba          
tcp        0      0 *:ssh                   *:*                     LISTEN      1543/sshd           
tcp        0      0 *:kerberos              *:*                     LISTEN      3125/samba          
tcp        0      0 *:otv                   *:*                     LISTEN      1543/sshd           
tcp        0      0 localhost:smtp          *:*                     LISTEN      1374/master         
tcp        0      0 *:ldaps                 *:*                     LISTEN      3123/samba          
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      3128/smbd           
tcp        0      0 *:1024                  *:*                     LISTEN      3120/samba          
tcp        0      0 *:msft-gc               *:*                     LISTEN      3123/samba          
tcp        0      0 *:msft-gc-ssl           *:*                     LISTEN      3123/samba          
tcp        0      0 *:ldap                  *:*                     LISTEN      3123/samba          
tcp        0      0 *:epmap                 *:*                     LISTEN      3120/samba          
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      3128/smbd           
tcp        0      0 *:kpasswd               *:*                     LISTEN      3125/samba          

Is the Domain reachable

  • smbclient -L localhost -UAdministrator%'12X!nux99'
 Domain=[XINUX] OS=[Windows 6.1] Server=[Samba 4.2.14-SerNet-SuSE-23.suse132] 

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk      
	sysvol          Disk      
	IPC$            IPC       IPC Service (Samba 4.2.14-SerNet-SuSE-23.suse132)

test dns

  • DOMAIN="xinux.lan"
  • CONTROLLER="susi"

ldap

  • host -t SRV _ldap._tcp.$DOMAIN
_ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.

kerberos

  • host -t SRV _kerberos._udp.$DOMAIN
_kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.

hostname

  • host -t A $CONTROLLER.$DOMAIN
gondor.xinux.org has address 192.168.240.200
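
The three lookups above only help if someone compares the answers with the controller that was just provisioned. The following is an added example, not part of the wiki page: the helpers check_srv and check_a are hypothetical names, and the xinux.lan sample line is constructed. It checks `host` output against $CONTROLLER.$DOMAIN and shows that the output printed on this page does not match DOMAIN="xinux.lan" and CONTROLLER="susi".

```shell
#!/bin/sh
# Added example (not from the wiki page): compare `host` output with the
# expected domain controller. check_srv and check_a are hypothetical helpers.

# check_srv SERVICE DOMAIN CONTROLLER PORT   (reads `host -t SRV` output on stdin)
# Succeeds only if a record for SERVICE.DOMAIN targets CONTROLLER.DOMAIN on PORT.
check_srv() {
    awk -v name="$1.$2" -v target="$3.$2." -v port="$4" '
        # host prints: <name> has SRV record <prio> <weight> <port> <target>
        $2 == "has" && $3 == "SRV" && $4 == "record" &&
        tolower($1) == tolower(name) && $7 == port &&
        tolower($8) == tolower(target) { ok = 1 }
        END { exit(ok ? 0 : 1) }
    '
}

# check_a FQDN IP   (reads `host -t A` output on stdin)
check_a() {
    awk -v name="$1" -v ip="$2" '
        # host prints: <name> has address <ip>
        $2 == "has" && $3 == "address" &&
        tolower($1) == tolower(name) && $4 == ip { ok = 1 }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed sample: the answer one would expect for a DC susi in xinux.lan.
EXPECTED_LDAP='_ldap._tcp.xinux.lan has SRV record 0 100 389 susi.xinux.lan.'
# Output lines exactly as printed on this page.
PAGE_LDAP='_ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.'
PAGE_KRB='_kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.'
PAGE_A='gondor.xinux.org has address 192.168.240.200'

DOMAIN="xinux.lan"
CONTROLLER="susi"

run_demo() {
    for pair in "constructed:$EXPECTED_LDAP" "page:$PAGE_LDAP"; do
        if printf '%s\n' "${pair#*:}" |
            check_srv _ldap._tcp "$DOMAIN" "$CONTROLLER" 389
        then echo "${pair%%:*}: LDAP SRV record points at $CONTROLLER.$DOMAIN"
        else echo "${pair%%:*}: LDAP SRV record does NOT point at $CONTROLLER.$DOMAIN"
        fi
    done
}
run_demo

# Live use on the DC:
#   host -t SRV _ldap._tcp.$DOMAIN | check_srv _ldap._tcp "$DOMAIN" "$CONTROLLER" 389
#   host -t SRV _kerberos._udp.$DOMAIN | check_srv _kerberos._udp "$DOMAIN" "$CONTROLLER" 88
#   host -t A $CONTROLLER.$DOMAIN | check_a "$CONTROLLER.$DOMAIN" 192.168.240.29
```
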

nsswitch

change /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind

user wbinfo

  • wbinfo -u
administrator
krbtgt
guest

group wbinfo

  • wbinfo -g
enterprise read-only domain controllers
domain admins
domain users
domain guests
domain computers
domain controllers
schema admins
enterprise admins
group policy creator owners
read-only domain controllers
dnsupdateproxy

trust wbinfo

  • wbinfo -t
checking the trust secret for domain XINUX via RPC calls succeeded

test passwd

getent passwd | grep XINUX

XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
XINUX\krbtgt:*:3000016:100::/home/XINUX/krbtgt:/bin/false

test group

getent group | grep XINUX

XINUX\Enterprise Read-Only Domain Controllers:*:3000017:
XINUX\Domain Admins:*:3000008:
XINUX\Domain Users:*:100:
XINUX\Domain Guests:*:3000012:
XINUX\Domain Computers:*:3000018:
XINUX\Domain Controllers:*:3000019:
XINUX\Schema Admins:*:3000007:
XINUX\Enterprise Admins:*:3000006:
XINUX\Group Policy Creator Owners:*:3000004:
XINUX\Read-Only Domain Controllers:*:3000020:
XINUX\DnsUpdateProxy:*:3000021:

kerberos

install heimdal-clients

  • zypper install krb5-client

copy config

cp /var/lib/samba/private/krb5.conf /etc/krb5.conf

test kerberos

kinit

kinit Administrator

Administrator@XINUX.LAN's Password:

klist

  • kinit Administrator
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: Administrator@XINUX.ORG

  Issued                Expires               Principal
Jun 25 14:31:42 2014  Jun 26 00:31:34 2014  krbtgt/XINUX.ORG@XINUX.ORG
  • klist
Ticket cache: DIR::/run/user/0/krb5cc/tkt
Default principal: Administrator@XINUX.LAN 

Valid starting       Expires              Service principal
12.12.2016 16:29:18  13.12.2016 02:29:18  krbtgt/XINUX.LAN@XINUX.LAN

renew until 13.12.2016 16:29:12

ldap

/etc/samba/smb.conf

[global]
  ...
  tls verify peer = no_check
  ldap server require strong auth = no


test over ldapserver localhost

ldbsearch -H ldaps://localhost  "cn=administrator" -U administrator
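
The two [global] lines above relax Samba's defaults (`tls verify peer = as_strict_as_possible`, `ldap server require strong auth = yes`), so they are worth finding again once the test is done. The following is an added example, not part of the wiki page: audit_smb_conf is a hypothetical helper and both sample files are constructed. It reports whether an smb.conf still carries either relaxed value.

```shell
#!/bin/sh
# Added example (not from the wiki page): flag the two relaxed settings from
# the [global] section shown above. audit_smb_conf is a hypothetical helper.

# audit_smb_conf FILE
# Prints one "WEAK:" line per relaxed setting; exit status 1 if any was found.
audit_smb_conf() {
    awk '
        /^[ \t]*[#;]/ { next }                   # skip comment lines
        /^[ \t]*\[/ {                            # section header
            sec = tolower($0); gsub(/[ \t]/, "", sec); next
        }
        sec == "[global]" && (eq = index($0, "=")) > 0 {
            # Samba ignores case and whitespace in parameter names.
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "tlsverifypeer" && val == "no_check") {
                print "WEAK: tls verify peer = " val " (peer certificate is not verified)"
                n++
            }
            if (key == "ldapserverrequirestrongauth" && val == "no") {
                print "WEAK: ldap server require strong auth = " val " (binds without signing or TLS accepted)"
                n++
            }
        }
        END { exit(n ? 1 : 0) }
    ' "$1"
}

demo_dir=$(mktemp -d)

# Constructed sample that reproduces the two lines from this page.
cat > "$demo_dir/page.conf" <<'EOF'
[global]
  tls verify peer = no_check
  ldap server require strong auth = no
EOF

# Constructed sample with both parameters at Samba's documented defaults.
cat > "$demo_dir/strict.conf" <<'EOF'
[global]
  tls verify peer = as_strict_as_possible
  ldap server require strong auth = yes
EOF

for f in page strict; do
    echo "== $f.conf"
    if audit_smb_conf "$demo_dir/$f.conf"; then
        echo "no relaxed LDAP/TLS settings"
    fi
done
rm -rf "$demo_dir"
```

On the domain controller itself the call is `audit_smb_conf /etc/samba/smb.conf`.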

timeserver

install

zypper install ntp

/etc/ntp.conf

server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 0.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
ntpsigndsocket /var/lib/samba/ntp_signd/
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery

/var/lib/samba/ntp_signd

chgrp ntp /var/lib/samba/ntp_signd
chmod g+rx /var/lib/samba/ntp_signd

User management