Aktuelle Version vom 16. Oktober 2024, 06:38 Uhr

Hostname: dc1.samba34.linuggs.de

Interface anpassen

vi /etc/network/interfaces

auto lo
iface lo inet loopback

# The primary network interface
auto enp0s3
iface enp0s3 inet static
  address 172.26.55.22/24
  gateway 172.26.55.1

iface enp0s3 inet6 static
  address 2a02:24d8:71:3037::22/64
  gateway 2a02:24d8:71:3037::1

Hosts anpassen

vi /etc/hosts

127.0.0.1       localhost
172.26.55.22    dc1.samba34.linuggs.de dc1
2a02:24d8:71:3037::22 dc1.samba34.linuggs.de dc1
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Hostname setzen

hostnamectl set-hostname dc1.samba34.linuggs.de

resolv.conf anpassen

vi /etc/resolv.conf

nameserver 2a02:24d8:71:3040::1
nameserver 172.30.34.254
search samba34.linuggs.de

reboot

Samba 4 installieren

apt install samba smbclient winbind ntp libnss-winbind krb5-user acl

Domain anlegen

Vorher löschen

rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb

Los geht es

samba-tool domain provision --realm=samba34.linuggs.de --domain=samba34 --adminpass="123Start$" --server-role=dc --dns-backend=SAMBA_INTERNAL --use-rfc2307

Reboot

reboot

Start und Enable

systemctl unmask samba-ad-dc
systemctl start samba-ad-dc
systemctl enable samba-ad-dc

smbversion, share und auth check

smbversion

Diese sollten übereinstimmen:

samba -V

Version 4.17.12-Debian

smbclient -V

Version 4.17.12-Debian

shares anzeigen:

smbclient -L localhost -U%

	Sharename       Type      Comment
	---------       ----      -------
	sysvol          Disk      
	netlogon        Disk      
	IPC$            IPC       IPC Service (Samba 4.17.12-Debian)
SMB1 disabled -- no workgroup available

Authentication check:

smbclient //localhost/netlogon -UAdministrator%"123Start$" -c 'ls'

  .                                   D        0  Mon Oct 14 20:28:15 2024
  ..                                  D        0  Mon Oct 14 20:28:16 2024

		19022504 blocks of size 1024. 16474524 blocks available

DNS setzen

Resolv

cat /etc/resolv.conf

nameserver ::1
nameserver 127.0.0.1
search samba34.linuggs.de

Check

nslookup dc1

Server:		::1
Address:	::1#53

Name:	dc1.samba34.linuggs.de
Address: 172.26.55.22
Name:	dc1.samba34.linuggs.de
Address: 2a02:24d8:71:3037::22

Forwarder eintragen

vi /etc/samba/smb.conf

dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1

Check

Variablen setzen

DOMAIN="samba34.linuggs.de"
CONTROLLER="dc1"

Diverse Records

host -t SRV _ldap._tcp.$DOMAIN

_ldap._tcp.samba34.linuggs.de has SRV record 0 100 389 dc1.samba34.linuggs.de.

host -t SRV _kerberos._udp.$DOMAIN

_kerberos._udp.samba34.linuggs.de has SRV record 0 100 88 dc1.samba34.linuggs.de.

host -t A $CONTROLLER.$DOMAIN

dc1.samba34.linuggs.de has address 172.26.55.22

host -t AAAA $CONTROLLER.$DOMAIN

dc1.samba34.linuggs.de has IPv6 address 2a02:24d8:71:3037::22

Kerberos

vi /etc/krb5.conf

[libdefaults]
        default_realm = SAMBA34.LINUGGS.DE
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
        SAMBA34.LINUGGS.DE = {
                kdc = dc1.samba34.linuggs.de
                admin_server = dc1.samba34.linuggs.de
        }

Winbind

nsswitch.conf ändern

passwd:         compat winbind
group:          compat winbind

ist winbind is "pingbar

wbinfo -p

Ping to winbindd succeeded

anzeigen der userliste

wbinfo -u

Administrator
Guest
krbtgt

/etc/samba/smb.conf ergänzen

[global]
        netbios name = DC1
        realm = SAMBA34.LINUGGS.DE
        server role = active directory domain controller
        workgroup = SAMBA34
        dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1
        idmap_ldb:use rfc2307 = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind nss info = template
        template shell = /bin/bash
        template homedir = /home/%U
        winbind use default domain = yes
        

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No 

[netlogon]
        path = /var/lib/samba/sysvol/samba34.linuggs.de/scripts
        read only = No

DC-smb.conf-Erklärung

Service neustarten

systemctl restart samba-ad-dc.service

funtioniert nsswitch

getent passwd | grep SAMBA34

SAMBA34\administrator:*:0:100::/home/administrator:/bin/bash
SAMBA34\guest:*:3000011:100::/home/guest:/bin/bash
SAMBA34\krbtgt:*:3000017:100::/home/krbtgt:/bin/bash

Tests

Gucken welche Ports geöffnen

TCP

ss -lntp

UDP

ss -lnup

Prozesse

apt install psmisc
pstree

Misc

Adminpasswort läuft nicht ab

samba-tool user setexpiry administrator --noexpiry

Kennwortrichtlinie in Samba 4 Domain deaktivieren

samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=0
samba-tool domain passwordsettings set --min-pwd-length 0

Adminpasswort setzen

samba-tool user setpassword Administrator

Kennwortrichtlinie in Samba 4 Domain anzeigen

samba-tool domain passwordsettings show

Samba Verwaltung

Samba Verwaltung

2 DC mit Replicatiom

2 DC mit Replicatiom

RSAT

RSAT

howto

https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

installation

http://ubuntuforums.org/showthread.php?t=2146198

@@ Zeile 1: / Zeile 1: @@
-=Installation=
+== Hostname: dc1.samba34.linuggs.de ==
-==Interface anpassen==
+=== Interface anpassen ===
- vi /etc/network/interfaces
+*vi /etc/network/interfaces
 <pre>
 auto lo
 iface lo inet loopback
-auto eth0
+# The primary network interface
-iface eth0 inet static
+auto enp0s3
-address 192.168.240.199
+iface enp0s3 inet static
-netmask 255.255.248.0
+  address 172.26.55.22/24
-gateway 192.168.240.100
+  gateway 172.26.55.1
-dns-nameservers 192.168.240.199 8.8.8.8
-dns-search xinux.lan
-</pre>
-==hosts anpassen==
+iface enp0s3 inet6 static
- vi /etc/hosts
+  address 2a02:24d8:71:3037::22/64
-.0.0.1       localhost
+  gateway 2a02:24d8:71:3037::1
-.168.240.199 fenetre fenetre.xinux.lan
- echo fenetre.xinux.lan > /etc/hostname
- reboot
-==samba4 installieren==
+</pre>
- apt-get install samba smbclient winbind ntp libnss-winbind krb5-user acl
-==Domain anlegen==
+=== Hosts anpassen ===
-vorher das löschen:
+*vi /etc/hosts
- rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
+<pre>
+.0.0.1       localhost
+.26.55.22    dc1.samba34.linuggs.de dc1
+a02:24d8:71:3037::22 dc1.samba34.linuggs.de dc1
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+</pre>
+=== Hostname setzen ===
+*hostnamectl set-hostname dc1.samba34.linuggs.de
-''' realm, domain und adminpass''' sollten/können angepasst werden!
+=== resolv.conf anpassen ===
- samba-tool domain provision --realm=xinux.lan --domain=xinux --adminpass="Z0pp0Trump" --server-role=dc --dns-backend=SAMBA_INTERNAL --use-rfc2307
+*vi /etc/resolv.conf
-oder
+<pre>
+nameserver 2a02:24d8:71:3040::1
+nameserver 172.30.34.254
+search samba34.linuggs.de
+</pre>
-===install bind===
+reboot
- apt-get remove apparmor
- reboot
- apt-get install bind9
- echo 'include "/var/lib/samba/private/named.conf";' >> /etc/bind/named.conf
-====/etc/bind/named.conf.options====
- tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
-====/var/lib/samba/private/named.conf====
+== Samba 4 installieren ==
-dlz "AD DNS Zone" {
+*apt install samba smbclient winbind ntp libnss-winbind krb5-user acl
-     database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
-};
+== Domain anlegen ==
+;Vorher löschen
+*rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
-''' realm, domain und adminpass''' sollten/können angepasst werden!
+;Los geht es
- samba-tool domain provision --realm=xinux.lan --domain=xinux --adminpass="Z0pp0Trump" --server-role=dc --dns-backend=BIND9_DLZ --use-rfc2307
+*samba-tool domain provision --realm=samba34.linuggs.de --domain=samba34 --adminpass="123Start$" --server-role=dc --dns-backend=SAMBA_INTERNAL --use-rfc2307
-*Bei adminpass am besten das hier stehende übernehmen und erst später wie in dieser Anleitung beschrieben ändern, da man sonst die Passwortvorgaben verletzen könnte. Wenn dies passiert richtet sich der Sambaserver nicht korrekt ein.
+==Reboot==
+*reboot
-==Reboot==
+==Start und Enable==
-  reboot
+*systemctl unmask  samba-ad-dc
+*systemctl start  samba-ad-dc
+*systemctl enable  samba-ad-dc
 ==smbversion, share und auth check==
 ===smbversion===
 Diese sollten übereinstimmen:
- root@fenetre:~# samba -V
+*samba -V
-  Version 4.1.6-Ubuntu
+  Version 4.17.12-Debian
- root@fenetre:~# smbclient -V
+*smbclient -V
-  Version 4.1.6-Ubuntu
+  Version 4.17.12-Debian
 ===shares anzeigen:===
+*smbclient -L localhost -U%
 <pre>
-root@fenetre:~# smbclient -L localhost -U%
-Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
 	Sharename       Type      Comment
 	---------       ----      -------
+	sysvol          Disk
 	netlogon        Disk
-	sysvol          Disk
+	IPC$            IPC       IPC Service (Samba 4.17.12-Debian)
-	IPC$            IPC       IPC Service (Samba 4.1.6-Ubuntu)
+SMB1 disabled -- no workgroup available
-Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
-	Server               Comment
-	---------            -------
-	Workgroup            Master
-	---------            -------
-	WORKGROUP
 </pre>
 ===Authentication check:===
+*smbclient //localhost/netlogon -UAdministrator%"123Start$" -c 'ls'
 <pre>
-root@fenetre:~# smbclient //localhost/netlogon -UAdministrator%"Z0pp0Trump" -c 'ls'
+   .                                   D        0  Mon Oct 14 20:28:15 2024
-Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
+   ..                                  D        0  Mon Oct 14 20:28:16 2024
-   .                                   D        0  Thu Apr 24 15:51:50 2014
-   ..                                  D        0  Thu Apr 24 15:51:54 2014
-blocks of size 524288. 47502 blocks available
+		19022504 blocks of size 1024. 16474524 blocks available
 </pre>
 ==DNS setzen==
 ===Resolv===
-*/etc/resolv.conf
+*cat  /etc/resolv.conf
-  nameserver 192.168.240.199
+  nameserver ::1
-  search xinux.lan
+ nameserver 127.0.0.1
+  search samba34.linuggs.de
 ===Check===
+*nslookup dc1
+<pre>
+Server:		::1
+Address:	::1#53
+Name:	dc1.samba34.linuggs.de
+Address: 172.26.55.22
+Name:	dc1.samba34.linuggs.de
+Address: 2a02:24d8:71:3037::22
+</pre>
 ===Forwarder eintragen===
- sudo vi  /etc/samba/smb.conf
+*vi  /etc/samba/smb.conf
-füge hinzu: (Man kann natürlich auch seinen eigenen DNS angeben)
+  dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1
-  dns forwarder = 192.168.240.21
 ===Check===
+;Variablen setzen
+*DOMAIN="samba34.linuggs.de"
+*CONTROLLER="dc1"
+;Diverse Records
+*host -t SRV _ldap._tcp.$DOMAIN
+ _ldap._tcp.samba34.linuggs.de has SRV record 0 100 389 dc1.samba34.linuggs.de.
+*host -t SRV _kerberos._udp.$DOMAIN
+ _kerberos._udp.samba34.linuggs.de has SRV record 0 100 88 dc1.samba34.linuggs.de.
+*host -t A $CONTROLLER.$DOMAIN
+ dc1.samba34.linuggs.de has address 172.26.55.22
+*host -t AAAA $CONTROLLER.$DOMAIN
+ dc1.samba34.linuggs.de has IPv6 address 2a02:24d8:71:3037::22
+==Kerberos==
+*vi /etc/krb5.conf
 <pre>
-DOMAIN="xinux.lan"
+[libdefaults]
-CONTROLLER="fenetre"
+        default_realm = SAMBA34.LINUGGS.DE
-host -t SRV _ldap._tcp.$DOMAIN
+        dns_lookup_realm = false
-_ldap._tcp.xinux.lan has SRV record 0 100 389 fenetre.xinux.lan.
+        dns_lookup_kdc = true
-host -t SRV _kerberos._udp.$DOMAIN
-_kerberos._udp.xinux.lan has SRV record 0 100 88 fenetre.xinux.lan.
-host -t A $CONTROLLER.$DOMAIN
-fenetre.xinux.lan has address 192.168.240.199
+[realms]
+        SAMBA34.LINUGGS.DE = {
+                kdc = dc1.samba34.linuggs.de
+                admin_server = dc1.samba34.linuggs.de
+        }
 </pre>
-==Kerberos==
- *[[kerberos client samba]]
-==Share hinzufügen==
- mkfs.ext4 /dev/vdb1
- mkdir /share
- echo "/dev/vdb1  /share   ext4 user_xattr,acl 0 0" >> /etc/fstab
- mount -a
- mkdir -m 770 /share
- chmod g+s /share
- chown root:users /share
- vi /etc/samba/smb.conf
-füge das ein:
- [share]
-  directory_mode: parameter = 0700
-  read only = no
-  path = /share
-  csc policy = documents
-==Share testen==
- root@fenetre:~# smbclient -L localhost -U% | grep share
- Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
- Domain=[XINUX] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
- 	share           Disk
 ==Winbind==
-===winbind link setzen===
- ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
 ===nsswitch.conf ändern===
   passwd:         compat winbind
   group:          compat winbind
 ===ist winbind is "pingbar===
- root@fenetre:~# wbinfo -p
+*wbinfo -p
   Ping to winbindd succeeded
 ===anzeigen der userliste===
- root@fenetre:~# wbinfo -u
+*wbinfo -u
   Administrator
   Guest
   krbtgt
+===/etc/samba/smb.conf ergänzen===
+ [global]
+         netbios name = DC1
+         realm = SAMBA34.LINUGGS.DE
+         server role = active directory domain controller
+         workgroup = SAMBA34
+         '''dns forwarder = 172.30.34.254 2a02:24d8:71:3040::1'''
+         idmap_ldb:use rfc2307 = yes
+         '''winbind enum users = yes'''
+         '''winbind enum groups = yes'''
+         '''winbind nss info = template'''
+         '''template shell = /bin/bash'''
+         '''template homedir = /home/%U'''
+         '''winbind use default domain = yes'''
+ [sysvol]
+         path = /var/lib/samba/sysvol
+         read only = No
+ [netlogon]
+         path = /var/lib/samba/sysvol/samba34.linuggs.de/scripts
+         read only = No
+[[DC-smb.conf-Erklärung]]
+===Service neustarten===
+*systemctl restart samba-ad-dc.service
 ===funtioniert nsswitch===
- root@fenetre:~# getent passwd | grep XINUX
+*getent passwd | grep SAMBA34
-  XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
+  SAMBA34\administrator:*:0:100::/home/administrator:/bin/bash
-  XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
+  SAMBA34\guest:*:3000011:100::/home/guest:/bin/bash
-  XINUX\krbtgt:*:3000017:100::/home/XINUX/krbtgt:/bin/false
+  SAMBA34\krbtgt:*:3000017:100::/home/krbtgt:/bin/bash
+===Tests===
+====Gucken welche Ports geöffnen====
+;TCP
+*ss -lntp
+;UDP
+*ss -lnup
+====Prozesse====
+*apt install psmisc
+*pstree
 ==Misc==
 ===Adminpasswort läuft nicht ab===
- samba-tool user setexpiry administrator --noexpiry
+*samba-tool user setexpiry administrator --noexpiry
 ===Kennwortrichtlinie in Samba 4 Domain deaktivieren===
- samba-tool domain passwordsettings set --complexity=off
+*samba-tool domain passwordsettings set --complexity=off
- samba-tool domain passwordsettings set --history-length=0
+*samba-tool domain passwordsettings set --history-length=0
- samba-tool domain passwordsettings set --min-pwd-age=0
+*samba-tool domain passwordsettings set --min-pwd-age=0
- samba-tool domain passwordsettings set --max-pwd-age=0
+*samba-tool domain passwordsettings set --max-pwd-age=0
- samba-tool domain passwordsettings set --min-pwd-length 0
+*samba-tool domain passwordsettings set --min-pwd-length 0
 ===Adminpasswort setzen===
   samba-tool user setpassword Administrator
@@ Zeile 191: / Zeile 219: @@
   samba-tool domain passwordsettings show
-=Zwei DC mit Replikation einrichten=
+=Samba Verwaltung=
-==Situation==
+*[[Samba Verwaltung]]
- '''Existierender DC'''
- Name: rumba
- IP: 192.168.242.201
- Ist DNS: Ja
- '''Domain Informationen'''
- DNS Domain Name: xinux.test
- Kerberos realm: XINUX.TEST
- Domain Admin: administrator
- Admin-PW: password
- '''Hinzuzufügender DC'''
- Name: tango
- IP: 192.168.242.200
-==Vorbereitungen==
-*Beide Rechner sollten im selben Netz sein und sich pingen können
-*etc/hosts anpassen: Der Rechner muss sich unter seiner IP finden, bei localhost den Namen löschen
-.0.0.1   localhost   <strike>tango tango.xinux.test</strike>
-.168.242.200   tango tango.xinux.test
-*DNS anpassen: searchdomain eintragen und den existierenden DC als DNS angeben
- nameserver 192.168.242.201
- search xinux.test
-*DNS testen:
- host -t A rumba.xinux.test
- rumba.xinux.test has address 192.168.242.201
-==Kerberos==
-In der krb5.conf müssen folgende Einträge stehen:
- [libdefaults]
-    dns_lookup_realm = false
-    dns_lookup_kdc = true
-    default_realm = XINUX.TEST
-Testen ob man ein Kerberosticket bekommt
- root@tango:~# '''kinit administrator'''
- Password for administrator@XINUX.TEST:
- root@tango:~# '''klist'''
- Ticket cache: FILE:/tmp/krb5cc_0
- Default principal: administrator@XINUX.TEST
- Valid starting       Expires              Service principal
-.09.2015 11:08:57  10.09.2015 21:08:57  krbtgt/XINUX.TEST@XINUX.TEST
-	 renew until 11.09.2015 11:08:44
-==Der Domain beitreten==
-*'''ACHTUNG''' Für das Administrator-Passwort gelten die Standardrichtlinien von SAMBA4!
-*Weiterführende Infos: samba-tool domain join --help
- root@tango:~# samba-tool domain join XINUX.TEST DC -Uadministrator --realm=XINUX.TEST --dns-backend=SAMBA_INTERNAL
-Ausgabe:
-<pre>
-Finding a writeable DC for domain 'XINUX.TEST'
-Found DC rumba.xinux.test
-Password for [WORKGROUP\administrator]:
-workgroup is XINUX
-realm is xinux.test
-checking sAMAccountName
-Adding CN=TANGO,OU=Domain Controllers,DC=xinux,DC=test
-Adding CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-Adding CN=NTDS Settings,CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-Adding SPNs to CN=TANGO,OU=Domain Controllers,DC=xinux,DC=test
-Setting account password for TANGO$
-Enabling account
-Calling bare provision
-No IPv6 address will be assigned
-Provision OK for domain DN DC=xinux,DC=test
-Starting replication
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[402/1550] linked_values[0/0]
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[804/1550] linked_values[0/0]
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[1206/1550] linked_values[0/0]
-Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[1550/1550] linked_values[0/0]
-Analyze and apply schema objects
-Partition[CN=Configuration,DC=xinux,DC=test] objects[402/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[804/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[1206/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[1608/1616] linked_values[0/0]
-Partition[CN=Configuration,DC=xinux,DC=test] objects[1616/1616] linked_values[28/0]
-Replicating critical objects from the base DN of the domain
-Partition[DC=xinux,DC=test] objects[97/97] linked_values[23/0]
-Partition[DC=xinux,DC=test] objects[365/268] linked_values[23/0]
-Done with always replicated NC (base, config, schema)
-Replicating DC=DomainDnsZones,DC=xinux,DC=test
-Partition[DC=DomainDnsZones,DC=xinux,DC=test] objects[46/46] linked_values[0/0]
-Replicating DC=ForestDnsZones,DC=xinux,DC=test
-Partition[DC=ForestDnsZones,DC=xinux,DC=test] objects[18/18] linked_values[0/0]
-Partition[DC=ForestDnsZones,DC=xinux,DC=test] objects[36/18] linked_values[0/0]
-Committing SAM database
-Sending DsReplicateUpdateRefs for all the replicated partitions
-Setting isSynchronized and dsServiceName
-Setting up secrets database
-Joined domain XINUX (SID S-1-5-21-3964088599-1372953937-1397556401) as a DC
-</pre>
-==Anzeige der Replikation==
-DC1:
-<pre>
-root@rumba:~# samba-tool drs showrepl
-Default-First-Site-Name\RUMBA
-DSA Options: 0x00000001
-DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-DSA invocationId: fc6eaa8e-a1cf-4af8-b919-f0af6abddb27
-==== INBOUND NEIGHBORS ====
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:34 2015 CEST
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:34 2015 CEST
-DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:59 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:59 2015 CEST
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:34 2015 CEST
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ Thu Sep 10 11:30:35 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:30:35 2015 CEST
-==== OUTBOUND NEIGHBORS ====
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\TANGO via RPC
-		DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-==== KCC CONNECTION OBJECTS ====
-Connection --
-	Connection name: f31d9725-b1a6-4450-93d4-8b62fabf609f
-	Enabled        : TRUE
-	Server DNS name : TANGO.xinux.test
-	Server DN name  : CN=NTDS Settings,CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-		TransportType: RPC
-		options: 0x00000001
-Warning: No NC replicated for Connection!
-</pre>
-DC2:
-<pre>
-root@tango:~# samba-tool drs showrepl
-Default-First-Site-Name\TANGO
-DSA Options: 0x00000001
-DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
-DSA invocationId: 1278e3ce-dadf-4e44-be9a-43c591e8318d
-==== INBOUND NEIGHBORS ====
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:31:28 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:31:28 2015 CEST
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
-consecutive failure(s).
-		Last success @ Thu Sep 10 11:28:15 2015 CEST
-==== OUTBOUND NEIGHBORS ====
-CN=Schema,CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=DomainDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-DC=ForestDnsZones,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-CN=Configuration,DC=xinux,DC=test
-	Default-First-Site-Name\RUMBA via RPC
-		DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
-		Last attempt @ NTTIME(0) was successful
-consecutive failure(s).
-		Last success @ NTTIME(0)
-==== KCC CONNECTION OBJECTS ====
-Connection --
-	Connection name: 2770037b-6291-442b-9b94-89c8d6c780c0
-	Enabled        : TRUE
-	Server DNS name : rumba.xinux.test
-	Server DN name  : CN=NTDS Settings,CN=RUMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
-		TransportType: RPC
-		options: 0x00000001
-Warning: No NC replicated for Connection!
-</pre>
-=SeDiskOperatorPrivilege=
- net rpc rights grant 'XINUX\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
-===Vorhandene Rechte lassen sich so Anzeige===
- net rpc rights list accounts -Uadministrator
-=[[Userverwaltung]]=
+=2 DC mit Replicatiom=
+*[[2 DC mit Replicatiom]]
+=RSAT=
+*[[RSAT]]
 =howto=

Debian Samba4 ADS Domaincontroller: Unterschied zwischen den Versionen

Aktuelle Version vom 16. Oktober 2024, 06:38 Uhr

Hostname: dc1.samba34.linuggs.de

Interface anpassen

Hosts anpassen

Hostname setzen

resolv.conf anpassen

Samba 4 installieren

Domain anlegen

Reboot

Start und Enable

smbversion, share und auth check

smbversion

shares anzeigen:

Authentication check:

DNS setzen

Resolv

Check

Forwarder eintragen

Check

Kerberos

Winbind

nsswitch.conf ändern

ist winbind is "pingbar

anzeigen der userliste

/etc/samba/smb.conf ergänzen

Service neustarten

funtioniert nsswitch

Tests

Gucken welche Ports geöffnen

Prozesse

Misc

Adminpasswort läuft nicht ab

Kennwortrichtlinie in Samba 4 Domain deaktivieren

Adminpasswort setzen

Kennwortrichtlinie in Samba 4 Domain anzeigen

Samba Verwaltung

2 DC mit Replicatiom

RSAT

howto

installation

Navigationsmenü

Suche