Notepad:Samba

From Amar

Samba Set up Single Computer

Set up synchronized time

/etc/ntpd.conf
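# Stop ntpd first (ntpdate cannot use the NTP port while ntpd holds it),
# step the clock once, then start ntpd again.
# NOTE(review): Kerberos rejects requests when the client and KDC clocks drift too far
# apart (5 minutes by default), so the time source should agree with the
# domain controller - confirm time.nist.gov matches what the DC uses.
service ntpd stop
ntpdate time.nist.gov
# fixed: the original read "service ntpd.start", which names a non-existent service
service ntpd start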

Hostname must contain the proper domain

/etc/sysconfig/network
HOSTNAME=xxxxxxx.domain.tld

You can dynamically change it with

hostname xxxxxxx.domain.tld

CentOS 7

/etc/hostname contains name

The hosts file MUST map this machine's name to its LAN address, not to localhost (127.0.0.1)

/etc/hosts
# loopback carries the localhost names only
127.0.0.1               localhost.localdomain localhost
# this machine's fully qualified name resolves to its LAN address
192.168.10.xxx          xxxxxxxx.domain.tld
# ad1.domain.tld is the host named as KDC and password server in the configs below
192.168.10.yyy           ad1.domain.tld

krb5 set up right

/etc/krb5.conf
# Kerberos settings for the realm DOMAIN.TLD, with ad1.domain.tld as the KDC.
# Log destinations for the Kerberos library, the KDC and kadmind.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

# DNS-based discovery is switched off: the realm and its KDC come from this file only.
[libdefaults]
 default_realm = DOMAIN.TLD
 dns_lookup_realm = false
 dns_lookup_kdc = false

# KDC on port 88 and admin server on port 749, both on ad1.domain.tld.
# NOTE(review): whether the AD domain controller answers on 749 is not shown here - confirm.
[realms]
 DOMAIN.TLD = {
 kdc = ad1.domain.tld:88
 admin_server = ad1.domain.tld:749
 default_domain = domain.tld
}

# Map DNS names (the domain itself and every host below it) to the realm.
[domain_realm]
 .domain.tld = DOMAIN.TLD
 domain.tld = DOMAIN.TLD
# NOTE(review): [kdc] points at a KDC daemon's own config file; on a machine that only
# authenticates against ad1.domain.tld it is presumably unused - confirm.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

# Defaults picked up by the PAM Kerberos module.
# Lifetimes are presumably in seconds (36000 s = 10 hours) - confirm against the module's docs.
# NOTE(review): forwardable tickets can be handed on to other hosts; keep "forwardable = true"
# only if something depends on it.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
}

Run kinit

 kinit Administrator

Configure Samba

/etc/smb.conf
# Domain-member configuration: this host authenticates against the AD realm DOMAIN.TLD.
[global]

       workgroup = DOMAIN
       server string = dev01.domain.tld
       netbios name = dev01
       # restrict connections to clients in the 192.168.10.x network
       hosts allow = 192.168.10.

       encrypt passwords = yes
       # NOTE(review): set in [global], this is the default for every share; a share added
       # later allows guest access unless it sets "guest ok = no" - confirm this is intended
       guest ok = yes
       # let winbind enumerate domain users and groups (needed for "getent passwd" / "getent group" listings)
       winbind enum users = yes
       winbind enum groups = yes
       # seconds winbind caches user and group information
       winbind cache time = 10


       # logs split per machine
       log file = /var/log/samba/%m.log
       # max 50KB per log file, then rotate
       max log size = 50

       # act as an Active Directory member of the realm below, using ad1.domain.tld for authentication
       security = ads
       realm = DOMAIN.TLD
       client use spnego = yes
       password server = ad1.domain.tld

       # do not try to become the local browse master; the commented-out lines are the opposite setup
       local master = no
;       os level = 33
;       preferred master = yes

       # register and resolve NetBIOS names through the WINS service on ad1.domain.tld
       wins server = ad1.domain.tld
;       wins proxy = yes

;       dns proxy = yes

#============================ Share Definitions ==============================
# NOTE(review): despite the banner no share section follows; the settings below are
# still part of [global]

  # UID/GID range handed out to domain users and groups
  # NOTE(review): "idmap uid" / "idmap gid" is the older spelling; newer Samba releases use
  # "idmap config * : range" - check against the installed version
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  # domain accounts get /bin/false as login shell, i.e. no interactive login
  template shell = /bin/false
  # domain accounts keep their domain prefix and appear as DOMAIN+user
  winbind use default domain = no
  winbind separator = +

Join Domain

restart services to be sure

# Bounce the Samba daemons so they run with the smb.conf above before the join.
for daemon in winbind smb nmb; do
    service "$daemon" restart
done

# Join this machine to the AD realm; the command asks for the account's password.
# NOTE(review): an account delegated the right to join computers is sufficient;
# the domain Administrator is not strictly required.
net ads join -U Administrator

Modify nsswitch

/etc/nsswitch.conf 
# Local files are consulted first, then winbind for domain accounts.
passwd:     files winbind
# password hashes are looked up in the local files only
shadow:     files
group:      files winbind
# NOTE(review): winbind is normally consulted for passwd and group only;
# confirm the winbind entries on the three lines below have any effect
protocols:  files winbind
rpc:        files winbind
services:   files winbind

Run Services

restart services to be sure

# Restart all three daemons so the nsswitch change and the domain join take effect.
for svc in winbind smb nmb
do
    service "$svc" restart
done

Test

# Ask winbind directly for the domain's users and groups (checks the join and the DC connection).
wbinfo -u
wbinfo -g
# Ask the name service switch; domain accounts listed here show that the
# "files winbind" entries in /etc/nsswitch.conf are working.
getent passwd
getent group

Jacques Approved !!

Samba Set up Active Directory

apt install samba bind9 winbind bind9utils krb5-user
/etc/samba/smb.conf
# Global parameters
# This host is an Active Directory domain controller for the realm HQ.AMAR.COM.
[global]
   netbios name = DNSAD
   realm = HQ.AMAR.COM
   server role = active directory domain controller
   workgroup = AMARHQ

   # NOTE(review): the list has no "dns" entry, so Samba's internal DNS server is not started;
   # presumably the bind9 package installed above serves the zone - confirm
   server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
   # use the RFC2307 (Unix uid/gid) attributes stored in the directory for ID mapping
   idmap_ldb:use rfc2307 = yes
   domain master = Yes
   # this DC also acts as the WINS server
   wins support = Yes
   # wins server = 192.168.50.112
 
   # NOTE(review): sysvol and netlogon hold the policies and logon scripts that domain clients
   # fetch; "read only = No" leaves the share writable, so who may write is decided by the
   # ACLs on these paths - verify they are limited to domain administrators
 [sysvol]
   path = /var/lib/samba/sysvol
   read only = No
 
[netlogon]
   path = /var/lib/samba/sysvol/hq.amar.com/scripts
   read only = No

Disable Regular Samba and Enable samba-ad-dc

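# Hand SMB, NetBIOS and winbind over to the single samba-ad-dc service.
# fixed: the original masked "smd" and "nmbdd", which are not unit names; the
# standalone daemons are smbd, nmbd and winbind.
# Note: mask only blocks future starts; a unit that is already running keeps
# running until it is stopped or the host is rebooted.
systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl mask smbd
systemctl mask nmbd
systemctl mask winbind
# NOTE(review): with systemd-resolved masked there is no local stub resolver any more;
# /etc/resolv.conf must then point at a real DNS server (presumably this DC's BIND) - confirm.
systemctl mask systemd-resolved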

Configure /etc/krb5.conf

# Realm definition for HQ.AMAR.COM; the kdc entries are alternatives a client can try.
# <ip> is a placeholder - replace it with the domain controller's address.
[realms]
   HQ.AMAR.COM = {
       kdc = kdc.hq.amar.com
       kdc = <ip>
       kdc = 192.168.50.143
       kdc = 192.168.50.133
       admin_server = <ip>
# NOTE(review): the comment on the next line is indented; some krb5 parsers only accept
# a comment that starts in column 0 - confirm this file parses as written
       # kdc.hq.amar.com
       default_domain = hq.amar.com
    }
   
# Map DNS names (the domain itself and every host below it) to the realm.
   [domain_realm]
       .hq.amar.com = HQ.AMAR.COM
       hq.amar.com = HQ.AMAR.COM

Extra Directories in /var/cache/bind

 dynamic
 stats
