Sernet Suse: Unterschied zwischen den Versionen

Zeile 47: Zeile 47:
  
 
=install=
 
=install=
  apt-get install sernet-samba-ad
+
  zypper install sernet-samba-ad
 +
 
 
=clean=
 
=clean=
 
  rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
 
  rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb

Version vom 12. Dezember 2016, 11:08 Uhr

preparation

/etc/resolv.conf

# Resolution must go through an AD-capable DNS server before provisioning.
# 192.168.240.200 is the address the DNS test section further down resolves
# for the controller "gondor" — confirm it is the right server for this realm.
nameserver 192.168.240.200
search xinux.lan

/etc/hostname

susi.xinux.lan

/etc/hosts

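127.0.0.1       localhost
# Canonical name first: hosts(5) treats the first name after the address as
# the canonical one, and the DC must resolve its own FQDN (hostname -f). With
# the short name first, hostname -f would return just "susi".
192.168.240.29  susi.xinux.lan susi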

/etc/sysconfig/network/ifcfg-eth0

# Static addressing for the DC (a domain controller must not change address).
# IPADDR carries the prefix length, so NETMASK/NETWORK/BROADCAST stay empty.
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.240.29/21'
MTU=''
NAME=''
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
# Presumably only read by the DHCP client, so irrelevant with BOOTPROTO=static;
# the default gateway is set in /etc/sysconfig/network/routes instead.
DHCLIENT_SET_DEFAULT_ROUTE='yes'

/etc/sysconfig/network/routes

default 192.168.240.100 - -

create an account (the SerNet package repository below is authenticated with the portal's USERNAME and ACCESSKEY)

https://portal.enterprisesamba.com/

add this to /etc/zypp/repos.d/sernet-samba-4.2.repo (create the file root-owned with mode 0600 — it will contain your access key)

change USERNAME and ACCESSKEY

# The subscription credentials are embedded in the URLs below, so this file is
# a secret: keep it root-owned with mode 0600 (zypper runs as root anyway).
name=SerNet Samba 4.2 Packages (suse-13.2)
type=rpm-md
baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/suse/13.2/
# gpgcheck=1 makes zypper verify package signatures, but the key is fetched
# from the same credentialed location as the packages, so on its own it only
# proves they are self-consistent. Compare the key fingerprint with the one
# SerNet publishes before trusting it (see the build-key step below).
gpgcheck=1
gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.2/suse/13.2/repodata/repomd.xml.key
enabled=1

The SerNet build key

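# Fetch and import SerNet's package-signing key. `rpm -i` runs as root and the
# imported key decides which packages zypper will trust afterwards, so after
# importing list the key and compare its fingerprint/summary with the value
# published on the SerNet portal before installing anything from the repo.
wget https://download.sernet.de/pub/sernet-build-key-1.1-5.noarch.rpm
rpm -i sernet-build-key-1.1-5.noarch.rpm
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE} %{SUMMARY}\n'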

update

zypper updade

install

zypper install  sernet-samba-ad

clean

rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb

provision

samba-tool domain provision

change in /etc/default/sernet-samba

SAMBA_START_MODE="ad"

start samba ad

service sernet-samba-ad start 
Starting SAMBA AD services :  *

test share

smbclient -L localhost -U%

test the server ports (note in the output that every service listens on all interfaces, `*:` and `[::]:` — firewall the host accordingly if it is reachable from untrusted networks)

netstat -ltp 

Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:domain                *:*                     LISTEN      2579/samba      
tcp        0      0 *:kerberos              *:*                     LISTEN      2573/samba      
tcp        0      0 *:8472                  *:*                     LISTEN      790/sshd        
tcp        0      0 *:ldaps                 *:*                     LISTEN      2571/samba      
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      2570/smbd       
tcp        0      0 *:1024                  *:*                     LISTEN      2567/samba      
tcp        0      0 *:3268                  *:*                     LISTEN      2571/samba      
tcp        0      0 *:3269                  *:*                     LISTEN      2571/samba      
tcp        0      0 *:ldap                  *:*                     LISTEN      2571/samba      
tcp        0      0 *:loc-srv               *:*                     LISTEN      2567/samba      
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      2570/smbd       
tcp        0      0 *:kpasswd               *:*                     LISTEN      2573/samba      
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      2579/samba      
tcp6       0      0 [::]:kerberos           [::]:*                  LISTEN      2573/samba      
tcp6       0      0 [::]:8472               [::]:*                  LISTEN      790/sshd        
tcp6       0      0 [::]:ldaps              [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN      2570/smbd       
tcp6       0      0 [::]:1024               [::]:*                  LISTEN      2567/samba      
tcp6       0      0 [::]:3268               [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:3269               [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN      2571/samba      
tcp6       0      0 [::]:loc-srv            [::]:*                  LISTEN      2567/samba      
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      2570/smbd       
tcp6       0      0 [::]:kpasswd            [::]:*                  LISTEN      2573/samba     

test dns

# Realm and DC name used by the DNS checks below.
# NOTE(review): these values (xinux.org / gondor) do not match the
# xinux.lan / susi host prepared above — the sample output comes from another
# controller. Set them to your own realm and DC name.
DOMAIN="xinux.org"
CONTROLLER="gondor"

ldap

host -t SRV _ldap._tcp.$DOMAIN
_ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.

kerberos

host -t SRV _kerberos._udp.$DOMAIN
_kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.

hostname

host -t A $CONTROLLER.$DOMAIN
gondor.xinux.org has address 192.168.240.200

nsswitch

change /etc/nsswitch.conf

# Append winbind so domain users and groups resolve as local accounts.
# Consequence shown by the getent test below: the domain Administrator
# resolves to UID 0, i.e. it is root on this host.
passwd:         compat winbind
group:          compat winbind

test passwd

getent passwd | grep XINUX

XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
XINUX\krbtgt:*:3000016:100::/home/XINUX/krbtgt:/bin/false

test group

getent group | grep XINUX

XINUX\Enterprise Read-Only Domain Controllers:*:3000017:
XINUX\Domain Admins:*:3000008:
XINUX\Domain Users:*:100:
XINUX\Domain Guests:*:3000012:
XINUX\Domain Computers:*:3000018:
XINUX\Domain Controllers:*:3000019:
XINUX\Schema Admins:*:3000007:
XINUX\Enterprise Admins:*:3000006:
XINUX\Group Policy Creator Owners:*:3000004:
XINUX\Read-Only Domain Controllers:*:3000020:
XINUX\DnsUpdateProxy:*:3000021:

kerberos

install heimdal-clients

apt-get install heimdal-clients

copy config

cp /var/lib/samba/private/krb5.conf /etc/krb5.conf

test kerberos

kinit

kinit Administrator

Administrator@XINUX.ORG's Password: 

klist

klist

Credentials cache: FILE:/tmp/krb5cc_0
        Principal: Administrator@XINUX.ORG

  Issued                Expires               Principal
Jun 25 14:31:42 2014  Jun 26 00:31:34 2014  krbtgt/XINUX.ORG@XINUX.ORG

ldap

test against the LDAP server on localhost

ldbsearch -H ldaps://localhost  "cn=administrator" -U administrator

timeserver

install

apt-get install ntp

/etc/ntp.conf

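# Local clock as last-resort fallback, deliberately at a poor stratum.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 0.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
# Socket through which Samba signs NTP replies for domain members (mssntp).
ntpsigndsocket /var/lib/samba/ntp_signd/
# noquery added to the default policy: it blocks ntpq/ntpdc control queries
# (monlist and friends, an amplification vector on older ntpd) from arbitrary
# hosts without affecting time service; mssntp keeps signed replies working.
restrict default kod nomodify notrap nopeer noquery mssntp
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery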

/var/lib/samba/ntp_signd

# Let ntpd (group ntp) reach Samba's signing socket directory. Only the group
# bits are widened; do not open the directory to everyone.
chgrp ntp /var/lib/samba/ntp_signd
chmod g+rx /var/lib/samba/ntp_signd

User management