Sernet: Difference between revisions

From Xinux Wiki
Zeile 117: Zeile 117:
 
==install heimdal-clients==
 
==install heimdal-clients==
 
  apt-get install heimdal-clients
 
  apt-get install heimdal-clients
 +
==copy config==
 +
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
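Review bot: the added `cp /var/lib/samba/private/krb5.conf /etc/krb5.conf` line silently overwrites any /etc/krb5.conf already present on the host, and the new "copy config" section does not mention that. Suggest adding a step before it that keeps a copy of the existing file, and naming the heading after the file it replaces (for example "copy krb5.conf") so the reader knows which configuration is being swapped.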

Revision as of 25 June 2014, 12:31

preparation

/etc/resolv.conf

nameserver 192.168.240.200
search xinux.org 

/etc/hostname

gondor.xinux.org

/etc/hosts

127.0.0.1       localhost
192.168.240.200 gondor gondor.xinux.org

/etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
 address 192.168.240.200
 netmask 255.255.248.0
 gateway 192.168.240.100
 dns-nameservers 192.168.240.200
 dns-search xinux.org 

create an account

https://portal.enterprisesamba.com/

add this to /etc/apt/sources.list

replace USERNAME and ACCESSKEY with your own values

deb http://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/debian squeeze main
deb-src http://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/debian squeeze main

The SerNet build key

wget http://ftp.sernet.de/pub/sernet-samba-keyring_1.4_all.deb
dpkg -i sernet-samba-keyring_1.4_all.deb

update

apt-get update

install

apt-get install sernet-samba-ad

clean

rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb

provision

samba-tool domain provision

change in /etc/default/sernet-samba

SAMBA_START_MODE="ad"

start samba ad

service sernet-samba-ad start 
Starting SAMBA AD services :  *

test share

smbclient -L localhost -U%

test the server ports

netstat -ltp 

Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:domain                *:*                     LISTEN      2579/samba      
tcp        0      0 *:kerberos              *:*                     LISTEN      2573/samba      
tcp        0      0 *:8472                  *:*                     LISTEN      790/sshd        
tcp        0      0 *:ldaps                 *:*                     LISTEN      2571/samba      
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      2570/smbd       
tcp        0      0 *:1024                  *:*                     LISTEN      2567/samba      
tcp        0      0 *:3268                  *:*                     LISTEN      2571/samba      
tcp        0      0 *:3269                  *:*                     LISTEN      2571/samba      
tcp        0      0 *:ldap                  *:*                     LISTEN      2571/samba      
tcp        0      0 *:loc-srv               *:*                     LISTEN      2567/samba      
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      2570/smbd       
tcp        0      0 *:kpasswd               *:*                     LISTEN      2573/samba      
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      2579/samba      
tcp6       0      0 [::]:kerberos           [::]:*                  LISTEN      2573/samba      
tcp6       0      0 [::]:8472               [::]:*                  LISTEN      790/sshd        
tcp6       0      0 [::]:ldaps              [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN      2570/smbd       
tcp6       0      0 [::]:1024               [::]:*                  LISTEN      2567/samba      
tcp6       0      0 [::]:3268               [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:3269               [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:loc-srv            [::]:*                  LISTEN      2567/samba      
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      2570/smbd       
tcp6       0      0 [::]:kpasswd            [::]:*                  LISTEN      2573/samba     
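
The listing above can be checked mechanically rather than by eye. The following is an added example, not part of the original wiki page: it flags required AD listeners that are missing and listeners owned by anything other than samba/smbd. The function names and the REQUIRED list (taken from the output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit `netstat -ltp` output on the DC.
# REQUIRED = the listeners owned by samba/smbd in the output shown above.
REQUIRED="domain kerberos kpasswd ldap ldaps microsoft-ds netbios-ssn loc-srv 3268 3269"

# Reads netstat text on stdin and prints, sorted:
#   MISSING <port>            required port without a samba/smbd listener
#   FOREIGN <port> <program>  listener owned by some other program
audit_listeners() {
    awk -v required="$REQUIRED" '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]   # handles *:ldap and [::]:ldap
            split($7, p, "/"); prog = p[2]       # "2571/samba" -> "samba"
            if (prog == "samba" || prog == "smbd") seen[port] = 1
            else foreign[port] = prog
        }
        END {
            m = split(required, r, " ")
            for (i = 1; i <= m; i++) if (!(r[i] in seen)) print "MISSING", r[i]
            for (port in foreign) print "FOREIGN", port, foreign[port]
        }' | sort
}

# Constructed sample: lines from the listing above with kpasswd removed.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:domain                *:*                     LISTEN      2579/samba
tcp        0      0 *:kerberos              *:*                     LISTEN      2573/samba
tcp        0      0 *:8472                  *:*                     LISTEN      790/sshd
tcp        0      0 *:ldaps                 *:*                     LISTEN      2571/samba
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      2570/smbd
tcp        0      0 *:1024                  *:*                     LISTEN      2567/samba
tcp        0      0 *:3268                  *:*                     LISTEN      2571/samba
tcp        0      0 *:3269                  *:*                     LISTEN      2571/samba
tcp        0      0 *:ldap                  *:*                     LISTEN      2571/samba
tcp        0      0 *:loc-srv               *:*                     LISTEN      2567/samba
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      2570/smbd
tcp6       0      0 [::]:kerberos           [::]:*                  LISTEN      2573/samba
EOF
}

sample_netstat | audit_listeners
```

On the live host, run `netstat -ltp | audit_listeners` as root so the PID/Program column is populated; FOREIGN entries such as sshd are expected and only need to match what you intend to expose.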

test dns

DOMAIN="xinux.org"
CONTROLLER="gondor"

ldap

host -t SRV _ldap._tcp.$DOMAIN
_ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.

kerberos

host -t SRV _kerberos._udp.$DOMAIN
_kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.

hostname

host -t A $CONTROLLER.$DOMAIN
gondor.xinux.org has address 192.168.240.200
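
Clients locate the KDC and LDAP server through these SRV records, so it is worth asserting that they point only at the intended controller. The following is an added example, not part of the original wiki page: it checks `host -t SRV` output against the expected target and port. The `check_srv` and `report` helpers and the failing sample answers are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the wiki page); DOMAIN/CONTROLLER as set above.
DOMAIN="xinux.org"
CONTROLLER="gondor"

# check_srv NAME PORT: reads `host -t SRV NAME` output on stdin. Succeeds only
# if at least one SRV answer exists and every answer points at
# $CONTROLLER.$DOMAIN on PORT, so a stray or substituted record fails the check.
check_srv() {
    awk -v name="$1" -v port="$2" -v target="$CONTROLLER.$DOMAIN." '
        $1 == name && $2 == "has" && $3 == "SRV" {
            found = 1
            if ($7 != port || tolower($8) != target) bad = 1
        }
        END { exit !(found && !bad) }'
}

# Sample answers: the first two are the page's output, the rest are constructed.
GOOD_LDAP='_ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.'
GOOD_KRB='_kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.'
EXTRA_KDC="$GOOD_KRB
_kerberos._udp.xinux.org has SRV record 0 100 88 other.xinux.org."
NXDOMAIN='Host _ldap._tcp.xinux.org not found: 3(NXDOMAIN)'

# report LABEL NAME PORT: answers on stdin, prints one result line.
report() {
    if check_srv "$2" "$3"; then echo "$1: ok"; else echo "$1: FAIL"; fi
}

printf '%s\n' "$GOOD_LDAP" | report "ldap"            "_ldap._tcp.$DOMAIN"     389
printf '%s\n' "$GOOD_KRB"  | report "kerberos"        "_kerberos._udp.$DOMAIN" 88
printf '%s\n' "$EXTRA_KDC" | report "kerberos+extra"  "_kerberos._udp.$DOMAIN" 88
printf '%s\n' "$NXDOMAIN"  | report "ldap (no record)" "_ldap._tcp.$DOMAIN"    389
```

Against the live resolver, pipe the real query in: `host -t SRV _ldap._tcp.$DOMAIN | check_srv _ldap._tcp.$DOMAIN 389`.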

nsswitch

change /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind

test passwd

getent passwd | grep XINUX

XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
XINUX\krbtgt:*:3000016:100::/home/XINUX/krbtgt:/bin/false

test group

getent group | grep XINUX

XINUX\Enterprise Read-Only Domain Controllers:*:3000017:
XINUX\Domain Admins:*:3000008:
XINUX\Domain Users:*:100:
XINUX\Domain Guests:*:3000012:
XINUX\Domain Computers:*:3000018:
XINUX\Domain Controllers:*:3000019:
XINUX\Schema Admins:*:3000007:
XINUX\Enterprise Admins:*:3000006:
XINUX\Group Policy Creator Owners:*:3000004:
XINUX\Read-Only Domain Controllers:*:3000020:
XINUX\DnsUpdateProxy:*:3000021:

kerberos

install heimdal-clients

apt-get install heimdal-clients

copy config

cp /var/lib/samba/private/krb5.conf /etc/krb5.conf