Aktuelle Version vom 16. Oktober 2024, 06:38 Uhr

Hostname: dc1.samba34.linuggs.de

Interface anpassen

vi /etc/network/interfaces

auto lo
iface lo inet loopback

# The primary network interface
auto enp0s3
iface enp0s3 inet static
  address 172.26.55.22/24
  gateway 172.26.55.1

iface enp0s3 inet6 static
  address 2a02:24d8:71:3037::22/64
  gateway 2a02:24d8:71:3037::1

Hosts anpassen

vi /etc/hosts

127.0.0.1       localhost
172.26.55.22    dc1.samba34.linuggs.de dc1
2a02:24d8:71:3037::22 dc1.samba34.linuggs.de dc1
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Hostname setzen

hostnamectl set-hostname dc1.samba34.linuggs.de

resolv.conf anpassen

vi /etc/resolv.conf

nameserver 2a02:24d8:71:3040::1
nameserver 172.30.34.254
search samba34.linuggs.de

reboot

Samba 4 installieren

apt install samba smbclient winbind ntp libnss-winbind krb5-user acl

Domain anlegen

Vorher löschen

rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb

Los geht es

samba-tool domain provision --realm=samba34.linuggs.de --domain=samba34 --adminpass="123Start$" --server-role=dc --dns-backend=SAMBA_INTERNAL --use-rfc2307

Reboot

reboot

Start und Enable

systemctl unmask samba-ad-dc
systemctl start samba-ad-dc
systemctl enable samba-ad-dc

smbversion, share und auth check

smbversion

Diese sollten übereinstimmen:

samba -V

Version 4.17.12-Debian

smbclient -V

Version 4.17.12-Debian

shares anzeigen:

smbclient -L localhost -U%

	Sharename       Type      Comment
	---------       ----      -------
	sysvol          Disk      
	netlogon        Disk      
	IPC$            IPC       IPC Service (Samba 4.17.12-Debian)
SMB1 disabled -- no workgroup available

Authentication check:

smbclient //localhost/netlogon -UAdministrator%"123Start$" -c 'ls'

  .                                   D        0  Mon Oct 14 20:28:15 2024
  ..                                  D        0  Mon Oct 14 20:28:16 2024

		19022504 blocks of size 1024. 16474524 blocks available

DNS setzen

Resolv

cat /etc/resolv.conf

nameserver ::1
nameserver 127.0.0.1
search samba34.linuggs.de

Check

nslookup dc1

Server:		::1
Address:	::1#53

Name:	dc1.samba34.linuggs.de
Address: 172.26.55.22
Name:	dc1.samba34.linuggs.de
Address: 2a02:24d8:71:3037::22

Forwarder eintragen

vi /etc/samba/smb.conf

dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1

Check

Variablen setzen

DOMAIN="samba34.linuggs.de"
CONTROLLER="dc1"

Diverse Records

host -t SRV _ldap._tcp.$DOMAIN

_ldap._tcp.samba34.linuggs.de has SRV record 0 100 389 dc1.samba34.linuggs.de.

host -t SRV _kerberos._udp.$DOMAIN

_kerberos._udp.samba34.linuggs.de has SRV record 0 100 88 dc1.samba34.linuggs.de.

host -t A $CONTROLLER.$DOMAIN

dc1.samba34.linuggs.de has address 172.26.55.22

host -t AAAA $CONTROLLER.$DOMAIN

dc1.samba34.linuggs.de has IPv6 address 2a02:24d8:71:3037::22

Kerberos

vi /etc/krb5.conf

[libdefaults]
        default_realm = SAMBA34.LINUGGS.DE
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
        SAMBA34.LINUGGS.DE = {
                kdc = dc1.samba34.linuggs.de
                admin_server = dc1.samba34.linuggs.de
        }

Winbind

nsswitch.conf ändern

passwd:         compat winbind
group:          compat winbind

ist winbind is "pingbar

wbinfo -p

Ping to winbindd succeeded

anzeigen der userliste

wbinfo -u

Administrator
Guest
krbtgt

/etc/samba/smb.conf ergänzen

[global]
        netbios name = DC1
        realm = SAMBA34.LINUGGS.DE
        server role = active directory domain controller
        workgroup = SAMBA34
        dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1
        idmap_ldb:use rfc2307 = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind nss info = template
        template shell = /bin/bash
        template homedir = /home/%U
        winbind use default domain = yes
        

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No 

[netlogon]
        path = /var/lib/samba/sysvol/samba34.linuggs.de/scripts
        read only = No

DC-smb.conf-Erklärung

Service neustarten

systemctl restart samba-ad-dc.service

funtioniert nsswitch

getent passwd | grep SAMBA34

SAMBA34\administrator:*:0:100::/home/administrator:/bin/bash
SAMBA34\guest:*:3000011:100::/home/guest:/bin/bash
SAMBA34\krbtgt:*:3000017:100::/home/krbtgt:/bin/bash

Tests

Gucken welche Ports geöffnen

TCP

ss -lntp

UDP

ss -lnup

Prozesse

apt install psmisc
pstree

Misc

Adminpasswort läuft nicht ab

samba-tool user setexpiry administrator --noexpiry

Kennwortrichtlinie in Samba 4 Domain deaktivieren

samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=0
samba-tool domain passwordsettings set --min-pwd-length 0

Adminpasswort setzen

samba-tool user setpassword Administrator

Kennwortrichtlinie in Samba 4 Domain anzeigen

samba-tool domain passwordsettings show

Samba Verwaltung

Samba Verwaltung

2 DC mit Replicatiom

2 DC mit Replicatiom

RSAT

RSAT

howto

https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

installation

http://ubuntuforums.org/showthread.php?t=2146198

@@ Zeile 1: / Zeile 1: @@
-=Installation=
+== Hostname: dc1.samba34.linuggs.de ==
-==Interface anpassen==
+=== Interface anpassen ===
- vi /etc/network/interfaces
+*vi /etc/network/interfaces
 <pre>
 auto lo
 iface lo inet loopback
-auto eth0
+# The primary network interface
-iface eth0 inet static
+auto enp0s3
-address 192.168.240.199
+iface enp0s3 inet static
-netmask 255.255.248.0
+  address 172.26.55.22/24
-gateway 192.168.240.100
+  gateway 172.26.55.1
-dns-nameservers 192.168.240.199 8.8.8.8
-dns-search xinux.lan
-</pre>
-==hosts anpassen==
+iface enp0s3 inet6 static
- vi /etc/hosts
+  address 2a02:24d8:71:3037::22/64
-.0.0.1       localhost
+  gateway 2a02:24d8:71:3037::1
-.168.240.199 fenetre fenetre.xinux.lan
- echo fenetre.xinux.lan > /etc/hostname
- reboot
-==samba4 installieren==
+</pre>
- apt-get install samba smbclient winbind ntp libnss-winbind krb5-user acl
-==Domain anlegen==
+=== Hosts anpassen ===
-vorher das löschen:
+*vi /etc/hosts
- rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
+<pre>
+.0.0.1       localhost
+.26.55.22    dc1.samba34.linuggs.de dc1
+a02:24d8:71:3037::22 dc1.samba34.linuggs.de dc1
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+</pre>
+=== Hostname setzen ===
+*hostnamectl set-hostname dc1.samba34.linuggs.de
-''' realm, domain und adminpass''' sollten/können angepasst werden!
+=== resolv.conf anpassen ===
- samba-tool domain provision --realm=xinux.lan --domain=xinux --adminpass="Z0pp0Trump" --server-role=dc --dns-backend=SAMBA_INTERNAL --use-rfc2307
+*vi /etc/resolv.conf
-oder
+<pre>
+nameserver 2a02:24d8:71:3040::1
+nameserver 172.30.34.254
+search samba34.linuggs.de
+</pre>
-===install bind===
+reboot
- apt-get remove apparmor
- reboot
- apt-get install bind9
- echo 'include "/var/lib/samba/private/named.conf";' >> /etc/bind/named.conf
-====/etc/bind/named.conf.options====
- tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
-====/var/lib/samba/private/named.conf====
+== Samba 4 installieren ==
-dlz "AD DNS Zone" {
+*apt install samba smbclient winbind ntp libnss-winbind krb5-user acl
-     database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
-};
+== Domain anlegen ==
+;Vorher löschen
+*rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
-''' realm, domain und adminpass''' sollten/können angepasst werden!
+;Los geht es
- samba-tool domain provision --realm=xinux.lan --domain=xinux --adminpass="Z0pp0Trump" --server-role=dc --dns-backend=BIND9_DLZ --use-rfc2307
+*samba-tool domain provision --realm=samba34.linuggs.de --domain=samba34 --adminpass="123Start$" --server-role=dc --dns-backend=SAMBA_INTERNAL --use-rfc2307
 ==Reboot==
-  reboot
+*reboot
+==Start und Enable==
+*systemctl unmask  samba-ad-dc
+*systemctl start  samba-ad-dc
+*systemctl enable  samba-ad-dc
 ==smbversion, share und auth check==
 ===smbversion===
 Diese sollten übereinstimmen:
- root@fenetre:~# samba -V
+*samba -V
-  Version 4.1.6-Ubuntu
+  Version 4.17.12-Debian
- root@fenetre:~# smbclient -V
+*smbclient -V
-  Version 4.1.6-Ubuntu
+  Version 4.17.12-Debian
 ===shares anzeigen:===
+*smbclient -L localhost -U%
 <pre>
-root@fenetre:~# smbclient -L localhost -U%
-Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
 	Sharename       Type      Comment
 	---------       ----      -------
+	sysvol          Disk
 	netlogon        Disk
-	sysvol          Disk
+	IPC$            IPC       IPC Service (Samba 4.17.12-Debian)
-	IPC$            IPC       IPC Service (Samba 4.1.6-Ubuntu)
+SMB1 disabled -- no workgroup available
-Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
-	Server               Comment
-	---------            -------
-	Workgroup            Master
-	---------            -------
-	WORKGROUP
 </pre>
 ===Authentication check:===
+*smbclient //localhost/netlogon -UAdministrator%"123Start$" -c 'ls'
 <pre>
-root@fenetre:~# smbclient //localhost/netlogon -UAdministrator%"Z0pp0Trump" -c 'ls'
+   .                                   D        0  Mon Oct 14 20:28:15 2024
-Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
+   ..                                  D        0  Mon Oct 14 20:28:16 2024
-   .                                   D        0  Thu Apr 24 15:51:50 2014
-   ..                                  D        0  Thu Apr 24 15:51:54 2014
-blocks of size 524288. 47502 blocks available
+		19022504 blocks of size 1024. 16474524 blocks available
 </pre>
 ==DNS setzen==
 ===Resolv===
-  nameserver 192.168.240.199
+*cat  /etc/resolv.conf
-  search xinux.lan
+  nameserver ::1
+ nameserver 127.0.0.1
+  search samba34.linuggs.de
 ===Check===
+*nslookup dc1
+<pre>
+Server:		::1
+Address:	::1#53
+Name:	dc1.samba34.linuggs.de
+Address: 172.26.55.22
+Name:	dc1.samba34.linuggs.de
+Address: 2a02:24d8:71:3037::22
+</pre>
 ===Forwarder eintragen===
- sudo vi  /etc/samba/smb.conf
+*vi  /etc/samba/smb.conf
-füge hinzu: (Man kann natürlich auch seinen eigenen DNS angeben)
+  dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1
-  dns forwarder = 192.168.240.21
 ===Check===
+;Variablen setzen
+*DOMAIN="samba34.linuggs.de"
+*CONTROLLER="dc1"
+;Diverse Records
+*host -t SRV _ldap._tcp.$DOMAIN
+ _ldap._tcp.samba34.linuggs.de has SRV record 0 100 389 dc1.samba34.linuggs.de.
+*host -t SRV _kerberos._udp.$DOMAIN
+ _kerberos._udp.samba34.linuggs.de has SRV record 0 100 88 dc1.samba34.linuggs.de.
+*host -t A $CONTROLLER.$DOMAIN
+ dc1.samba34.linuggs.de has address 172.26.55.22
+*host -t AAAA $CONTROLLER.$DOMAIN
+ dc1.samba34.linuggs.de has IPv6 address 2a02:24d8:71:3037::22
+==Kerberos==
+*vi /etc/krb5.conf
 <pre>
-DOMAIN="xinux.lan"
+[libdefaults]
-CONTROLLER="fenetre"
+        default_realm = SAMBA34.LINUGGS.DE
-host -t SRV _ldap._tcp.$DOMAIN
+        dns_lookup_realm = false
-_ldap._tcp.xinux.lan has SRV record 0 100 389 fenetre.xinux.lan.
+        dns_lookup_kdc = true
-host -t SRV _kerberos._udp.$DOMAIN
-_kerberos._udp.xinux.lan has SRV record 0 100 88 fenetre.xinux.lan.
-host -t A $CONTROLLER.$DOMAIN
-fenetre.xinux.lan has address 192.168.240.199
+[realms]
+        SAMBA34.LINUGGS.DE = {
+                kdc = dc1.samba34.linuggs.de
+                admin_server = dc1.samba34.linuggs.de
+        }
 </pre>
-==Kerberos==
- *[[kerberos client samba]]
-==Share hinzufügen==
- mkfs.ext4 /dev/vdb1
- mkdir /share
- echo "/dev/vdb1  /share   ext4 user_xattr,acl 0 0" >> /etc/fstab
- mount -a
- mkdir -m 770 /share
- chmod g+s /share
- chown root:users /share
- vi /etc/samba/smb.conf
-füge das ein:
- [share]
-  directory_mode: parameter = 0700
-  read only = no
-  path = /share
-  csc policy = documents
-==Share testen==
- root@fenetre:~# smbclient -L localhost -U% | grep share
- Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
- Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
- 	share           Disk
 ==Winbind==
-===winbind link setzen===
- ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
 ===nsswitch.conf ändern===
   passwd:         compat winbind
   group:          compat winbind
 ===ist winbind is "pingbar===
- root@fenetre:~# wbinfo -p
+*wbinfo -p
   Ping to winbindd succeeded
 ===anzeigen der userliste===
- root@fenetre:~# wbinfo -u
+*wbinfo -u
   Administrator
   Guest
   krbtgt
+===/etc/samba/smb.conf ergänzen===
+ [global]
+         netbios name = DC1
+         realm = SAMBA34.LINUGGS.DE
+         server role = active directory domain controller
+         workgroup = SAMBA34
+         '''dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1'''
+         idmap_ldb:use rfc2307 = yes
+         '''winbind enum users = yes'''
+         '''winbind enum groups = yes'''
+         '''winbind nss info = template'''
+         '''template shell = /bin/bash'''
+         '''template homedir = /home/%U'''
+         '''winbind use default domain = yes'''
+ [sysvol]
+         path = /var/lib/samba/sysvol
+         read only = No
+ [netlogon]
+         path = /var/lib/samba/sysvol/samba34.linuggs.de/scripts
+         read only = No
+[[DC-smb.conf-Erklärung]]
+===Service neustarten===
+*systemctl restart samba-ad-dc.service
 ===funtioniert nsswitch===
- root@fenetre:~# getent passwd | grep XINUX
+*getent passwd | grep SAMBA34
-  XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
+  SAMBA34\administrator:*:0:100::/home/administrator:/bin/bash
-  XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
+  SAMBA34\guest:*:3000011:100::/home/guest:/bin/bash
-  XINUX\krbtgt:*:3000017:100::/home/XINUX/krbtgt:/bin/false
+  SAMBA34\krbtgt:*:3000017:100::/home/krbtgt:/bin/bash
+===Tests===
+====Gucken welche Ports geöffnen====
+;TCP
+*ss -lntp
+;UDP
+*ss -lnup
+====Prozesse====
+*apt install psmisc
+*pstree
 ==Misc==
 ===Adminpasswort läuft nicht ab===
- samba-tool user setexpiry administrator --noexpiry
+*samba-tool user setexpiry administrator --noexpiry
 ===Kennwortrichtlinie in Samba 4 Domain deaktivieren===
- samba-tool domain passwordsettings set --complexity=off
+*samba-tool domain passwordsettings set --complexity=off
- samba-tool domain passwordsettings set --history-length=0
+*samba-tool domain passwordsettings set --history-length=0
- samba-tool domain passwordsettings set --min-pwd-age=0
+*samba-tool domain passwordsettings set --min-pwd-age=0
- samba-tool domain passwordsettings set --max-pwd-age=0
+*samba-tool domain passwordsettings set --max-pwd-age=0
- samba-tool domain passwordsettings set --min-pwd-length 0
+*samba-tool domain passwordsettings set --min-pwd-length 0
 ===Adminpasswort setzen===
   samba-tool user setpassword Administrator
@@ Zeile 188: / Zeile 219: @@
   samba-tool domain passwordsettings show
-=Zwei DC mit Replikation einrichten=
+=Samba Verwaltung=
-==Situation==
+*[[Samba Verwaltung]]
- '''Existierender DC'''
- Name: rumba
- IP: 192.168.242.201
- Ist DNS: Ja
- '''Domain Informationen'''
- DNS Domain Name: xinux.test
- Kerberos realm: XINUX.TEST
- Domain Admin: administrator
- Admin-PW: password
- '''Hinzuzufügender DC'''
- Name: tango
- IP: 192.168.242.200
-==Vorbereitungen==
-*Beide Rechner sollten im selben Netz sein und sich pingen können
-*etc/hosts anpassen: Der Rechner muss sich unter seiner IP finden, bei localhost den Namen löschen
-.0.0.1   localhost   <strike>tango tango.xinux.test</strike>
-.168.242.200   tango tango.xinux.test
-*DNS anpassen: searchdomain eintragen und den existierenden DC als DNS angeben
- nameserver 192.168.242.201
- search xinux.test
-*DNS testen:
- host -t A rumba.xinux.test
- rumba.xinux.test has address 192.168.242.201
-==Kerberos==
-In der krb5.conf müssen folgende Einträge stehen:
- [libdefaults]
-    dns_lookup_realm = false
-    dns_lookup_kdc = true
-    default_realm = XINUX.TEST
-Testen ob man ein Kerberosticket bekommt
- root@tango:~# '''kinit administrator'''
- Password for administrator@XINUX.TEST:
- root@tango:~# '''klist'''
- Ticket cache: FILE:/tmp/krb5cc_0
- Default principal: administrator@XINUX.TEST
- Valid starting       Expires              Service principal
-.09.2015 11:08:57  10.09.2015 21:08:57  krbtgt/XINUX.TEST@XINUX.TEST
-	 renew until 11.09.2015 11:08:44
-==Der Domain beitreten==
-*'''ACHTUNG''' Für das Administrator-Passwort gelten die Standardrichtlinien von SAMBA4!
-*Weiterführende Infos: samba-tool domain join --help
- root@tango:~# samba-tool domain join XINUX.TEST DC -Uadministrator --realm=XINUX.TEST --dns-backend=SAMBA_INTERNAL
-Ausgabe:
-<pre>
-Finding a writeable DC for domain 'XINUX.TEST'
-Found DC rumba.xinux.test
-Password for [WORKGROUP\administrator]:
-workgroup is XINUX
-realm is xinux.test
-checking sAMAccountName
-Adding CN=TANGO,OU=Domain Controllers,DC=xinux,DC=test
-Adding CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-Adding CN=NTDS Settings,CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-Adding SPNs to CN=TANGO,OU=Domain Controllers,DC=xinux,DC=test
-Setting account password for TANGO$
-Enabling account
-Calling bare provision
-No IPv6 address will be assigned
-Provision OK for domain DN DC=xinux,DC=test
-Starting replication
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[402/1550] linked_values[0/0]
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[804/1550] linked_values[0/0]
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[1206/1550] linked_values[0/0]
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[1550/1550] linked_values[0/0]
-Analyze and apply schema objects
-Partition[CN=Configuration,DC=xinux,DC=test] objects[402/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[804/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[1206/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[1608/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[1616/1616] linked_values[28/0]
-Replicating critical objects from the base DN of the domain
-Partition[DC=xinux,DC=test] objects[97/97] linked_values[23/0]
-Partition[DC=xinux,DC=test] objects[365/268] linked_values[23/0]
-Done with always replicated NC (base, config, schema)
-Replicating DC=DomainDnsZones,DC=xinux,DC=test
-Partition[DC=DomainDnsZones,DC=xinux,DC=test] objects[46/46] linked_values[0/0]
-Replicating DC=ForestDnsZones,DC=xinux,DC=test
-Partition[DC=ForestDnsZones,DC=xinux,DC=test] objects[18/18] linked_values[0/0]
-Partition[DC=ForestDnsZones,DC=xinux,DC=test] objects[36/18] linked_values[0/0]
-Committing SAM database
-Sending DsReplicateUpdateRefs for all the replicated partitions
-Setting isSynchronized and dsServiceName
-Setting up secrets database
-Joined domain XINUX (SID S-1-5-21-3964088599-1372953937-1397556401) as a DC
-</pre>
-==Anzeige der Replikation==
-DC1:
-<pre>
-root@rumba:~# samba-tool drs showrepl
-Default-First-Site-Name\RUMBA
-DSA Options: 0x00000001
-DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-DSA invocationId: fc6eaa8e-a1cf-4af8-b919-f0af6abddb27
-==== INBOUND NEIGHBORS ====
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:34 2015 CEST
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:34 2015 CEST
-DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:59 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:59 2015 CEST
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:34 2015 CEST
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:35 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:35 2015 CEST
-==== OUTBOUND NEIGHBORS ====
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-==== KCC CONNECTION OBJECTS ====
-Connection --
-	Connection name: f31d9725-b1a6-4450-93d4-8b62fabf609f
-	Enabled        : TRUE
-	Server DNS name : TANGO.xinux.test
-	Server DN name  : CN=NTDS Settings,CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-		TransportType: RPC
-		options: 0x00000001
-Warning: No NC replicated for Connection!
-</pre>
-DC2:
-<pre>
-root@tango:~# samba-tool drs showrepl
-Default-First-Site-Name\TANGO
-DSA Options: 0x00000001
-DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-DSA invocationId: 1278e3ce-dadf-4e44-be9a-43c591e8318d
-==== INBOUND NEIGHBORS ====
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:31:28 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:31:28 2015 CEST
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-==== OUTBOUND NEIGHBORS ====
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-==== KCC CONNECTION OBJECTS ====
-Connection --
-	Connection name: 2770037b-6291-442b-9b94-89c8d6c780c0
-	Enabled        : TRUE
-	Server DNS name : rumba.xinux.test
-	Server DN name  : CN=NTDS Settings,CN=RUMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-		TransportType: RPC
-		options: 0x00000001
-Warning: No NC replicated for Connection!
-</pre>
-=SeDiskOperatorPrivilege=
- net rpc rights grant 'XINUX\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
-===Vorhandene Rechte lassen sich so Anzeige===
- net rpc rights list accounts -Uadministrator
-=[[Userverwaltung]]=
+=2 DC mit Replicatiom=
+*[[2 DC mit Replicatiom]]
+=RSAT=
+*[[RSAT]]
 =howto=

Debian Samba4 ADS Domaincontroller: Unterschied zwischen den Versionen

Aktuelle Version vom 16. Oktober 2024, 06:38 Uhr

Hostname: dc1.samba34.linuggs.de

Interface anpassen

Hosts anpassen

Hostname setzen

resolv.conf anpassen

Samba 4 installieren

Domain anlegen

Reboot

Start und Enable

smbversion, share und auth check

smbversion

shares anzeigen:

Authentication check:

DNS setzen

Resolv

Check

Forwarder eintragen

Check

Kerberos

Winbind

nsswitch.conf ändern

ist winbind is "pingbar

anzeigen der userliste

/etc/samba/smb.conf ergänzen

Service neustarten

funtioniert nsswitch

Tests

Gucken welche Ports geöffnen

Prozesse

Misc

Adminpasswort läuft nicht ab

Kennwortrichtlinie in Samba 4 Domain deaktivieren

Adminpasswort setzen

Kennwortrichtlinie in Samba 4 Domain anzeigen

Samba Verwaltung

2 DC mit Replicatiom

RSAT

howto

installation

Navigationsmenü

Suche