Sernet Suse
preparation
/etc/resolv.conf
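nameserver 192.168.240.200
search xinux.lan
# note: the rest of this page uses the domain xinux.org (hostname, dns-search, $DOMAIN); check that xinux.lan is the intended search domain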
/etc/hostname
gondor.xinux.org
/etc/hosts
127.0.0.1 localhost
192.168.240.200 gondor gondor.xinux.org
/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.240.200
    netmask 255.255.248.0
    gateway 192.168.240.100
    dns-nameservers 192.168.240.200
    dns-search xinux.org
create an account
https://portal.enterprisesamba.com/
add this to /etc/apt/sources.list
change USERNAME and ACCESSKEY
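# The access key is stored in clear text in this file and is sent over unencrypted HTTP.
# Do not leave a file containing it world-readable, and treat the key as a secret.
deb http://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/debian squeeze main
deb-src http://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/debian squeeze main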
The SerNet build key
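wget http://ftp.sernet.de/pub/sernet-samba-keyring_1.4_all.deb
# This package is downloaded over plain HTTP and becomes the trust anchor for all SerNet packages apt installs afterwards.
# Compare its checksum with a value obtained from SerNet over a separate trusted channel before installing it.
dpkg -i sernet-samba-keyring_1.4_all.deb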
update
apt-get update
install
apt-get install sernet-samba-ad
clean
rm /etc/samba/smb.conf /var/lib/samba/private/sam.ldb
provision
samba-tool domain provision
change in /etc/default/sernet-samba
SAMBA_START_MODE="ad"
start samba ad
service sernet-samba-ad start
Starting SAMBA AD services : *
smbclient -L localhost -U%
test the serverports
netstat -ltp
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:domain                *:*                     LISTEN      2579/samba
tcp        0      0 *:kerberos              *:*                     LISTEN      2573/samba
tcp        0      0 *:8472                  *:*                     LISTEN      790/sshd
tcp        0      0 *:ldaps                 *:*                     LISTEN      2571/samba
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      2570/smbd
tcp        0      0 *:1024                  *:*                     LISTEN      2567/samba
tcp        0      0 *:3268                  *:*                     LISTEN      2571/samba
tcp        0      0 *:3269                  *:*                     LISTEN      2571/samba
tcp        0      0 *:ldap                  *:*                     LISTEN      2571/samba
tcp        0      0 *:loc-srv               *:*                     LISTEN      2567/samba
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      2570/smbd
tcp        0      0 *:kpasswd               *:*                     LISTEN      2573/samba
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      2579/samba
tcp6       0      0 [::]:kerberos           [::]:*                  LISTEN      2573/samba
tcp6       0      0 [::]:8472               [::]:*                  LISTEN      790/sshd
tcp6       0      0 [::]:ldaps              [::]:*                  LISTEN      2571/samba
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN      2570/smbd
tcp6       0      0 [::]:1024               [::]:*                  LISTEN      2567/samba
tcp6       0      0 [::]:3268               [::]:*                  LISTEN      2571/samba
tcp6       0      0 [::]:3269               [::]:*                  LISTEN      2571/samba
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN      2571/samba
tcp6       0      0 [::]:loc-srv            [::]:*                  LISTEN      2567/samba
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      2570/smbd
tcp6       0      0 [::]:kpasswd            [::]:*                  LISTEN      2573/samba
note: every service above is bound to all interfaces (* and [::]); limit access to these ports to the internal network with a packet filter
test dns
DOMAIN="xinux.org"
CONTROLLER="gondor"
ldap
host -t SRV _ldap._tcp.$DOMAIN
_ldap._tcp.xinux.org has SRV record 0 100 389 gondor.xinux.org.
kerberos
host -t SRV _kerberos._udp.$DOMAIN
_kerberos._udp.xinux.org has SRV record 0 100 88 gondor.xinux.org.
hostname
host -t A $CONTROLLER.$DOMAIN
gondor.xinux.org has address 192.168.240.200
nsswitch
change /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
test passwd
getent passwd | grep XINUX
XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
XINUX\krbtgt:*:3000016:100::/home/XINUX/krbtgt:/bin/false
test group
getent group | grep XINUX
XINUX\Enterprise Read-Only Domain Controllers:*:3000017:
XINUX\Domain Admins:*:3000008:
XINUX\Domain Users:*:100:
XINUX\Domain Guests:*:3000012:
XINUX\Domain Computers:*:3000018:
XINUX\Domain Controllers:*:3000019:
XINUX\Schema Admins:*:3000007:
XINUX\Enterprise Admins:*:3000006:
XINUX\Group Policy Creator Owners:*:3000004:
XINUX\Read-Only Domain Controllers:*:3000020:
XINUX\DnsUpdateProxy:*:3000021:
kerberos
install heimdal-clients
apt-get install heimdal-clients
copy config
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
test kerberos
kinit
kinit Administrator
Administrator@XINUX.ORG's Password:
klist
klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: Administrator@XINUX.ORG
Issued Expires Principal
Jun 25 14:31:42 2014 Jun 26 00:31:34 2014 krbtgt/XINUX.ORG@XINUX.ORG
ldap
test over ldapserver localhost
ldbsearch -H ldaps://localhost "cn=administrator" -U administrator
timeserver
install
apt-get install ntp
/etc/ntp.conf
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 0.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
ntpsigndsocket /var/lib/samba/ntp_signd/
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
/var/lib/samba/ntp_signd
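chgrp ntp /var/lib/samba/ntp_signd
chmod g+rx /var/lib/samba/ntp_signd
# ntpd uses the socket in this directory to have Samba sign its replies; check with ls -ld that the directory is not accessible to other users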