Notepad:Samba: Difference between revisions
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= Samba Set up = | = Samba Set up Single Computer = | ||
== Set up synchronized time == | == Set up synchronized time == | ||
Line 11: | Line 11: | ||
/etc/sysconfig/network | /etc/sysconfig/network | ||
HOSTNAME=xxxxxxx. | HOSTNAME=xxxxxxx.domain.tld | ||
You can dynamically change it with | You can dynamically change it with | ||
hostname xxxxxxx. | hostname xxxxxxx.domain.tld | ||
=== CentOS 7 === | |||
/etc/hostname contains name | |||
== hosts file MUST list the name different from localhost 127.0.0.1 == | == hosts file MUST list the name different from localhost 127.0.0.1 == | ||
Line 20: | Line 23: | ||
127.0.0.1 localhost.localdomain localhost | 127.0.0.1 localhost.localdomain localhost | ||
192.168.10.xxx xxxxxxxx. | 192.168.10.xxx xxxxxxxx.domain.tld | ||
192.168.10. | 192.168.10.yyy ad1.domain.tld | ||
== krb5 set up right == | == krb5 set up right == | ||
Line 32: | Line 35: | ||
[libdefaults] | [libdefaults] | ||
default_realm = | default_realm = DOMAIN.TLD | ||
dns_lookup_realm = false | dns_lookup_realm = false | ||
dns_lookup_kdc = false | dns_lookup_kdc = false | ||
[realms] | [realms] | ||
DOMAIN.TLD = { | |||
kdc = | kdc = ad1.domain.tld:88 | ||
admin_server = | admin_server = ad1.domain.tld:749 | ||
default_domain = | default_domain = domain.tld | ||
} | } | ||
[domain_realm] | [domain_realm] | ||
. | .domain.tld = DOMAIN.TLD | ||
domain.tld = DOMAIN.TLD | |||
[kdc] | [kdc] | ||
profile = /var/kerberos/krb5kdc/kdc.conf | profile = /var/kerberos/krb5kdc/kdc.conf | ||
Line 66: | Line 69: | ||
[global] | [global] | ||
workgroup = | workgroup = DOMAIN | ||
server string = dev01. | server string = dev01.domain.tld | ||
netbios name = | netbios name = dev01 | ||
hosts allow = 192.168.10. | hosts allow = 192.168.10. | ||
Line 84: | Line 87: | ||
security = ads | security = ads | ||
realm = | realm = DOMAIN.TLD | ||
client use spnego = yes | client use spnego = yes | ||
password server = | password server = ad1.domain.tld | ||
local master = no | local master = no | ||
Line 92: | Line 95: | ||
; preferred master = yes | ; preferred master = yes | ||
wins server = | wins server = ad1.domain.tld | ||
; wins proxy = yes | ; wins proxy = yes | ||
Line 109: | Line 112: | ||
service winbind restart | service winbind restart | ||
service smb restart | service smb restart | ||
service nmb restart | |||
net ads join -U Administrator | net ads join -U Administrator | ||
Line 134: | Line 138: | ||
getent group | getent group | ||
<nowiki>Jacques Approved !!</nowiki> | <nowiki>Jacques Approved !!</nowiki> | ||
= Samba Set up Active Directory = | |||
apt install samba bind9 winbind bind9utils krb5-user | |||
/etc/samba/smb.conf | |||
# Global parameters | |||
[global] | |||
netbios name = DNSAD | |||
realm = HQ.AMAR.COM | |||
server role = active directory domain controller | |||
workgroup = AMARHQ | |||
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate | |||
idmap_ldb:use rfc2307 = yes | |||
domain master = Yes | |||
wins support = Yes | |||
# wins server = 192.168.50.112 | |||
[sysvol] | |||
path = /var/lib/samba/sysvol | |||
read only = No | |||
[netlogon] | |||
path = /var/lib/samba/sysvol/hq.amar.com/scripts | |||
read only = No | |||
Disable Regular Samba and Enable samba-ad-dc | |||
systemctl unmask samba-ad-dc | |||
systemctl mask smd | |||
systemctl mask smbd | |||
systemctl mask nmbdd | |||
systemctl mask winbind | |||
systemctl mask systemd-resolved | |||
Configure /etc/krb5.com | |||
[realms] | |||
HQ.AMAR.COM = { | |||
kdc = kdc.hq.amar.com | |||
kdc = <ip> | |||
kdc = 192.168.50.143 | |||
kdc = 192.168.50.133 | |||
admin_server = <ip> | |||
# kdc.hq.amar.com | |||
default_domain = hq.amar.com | |||
} | |||
[domain_realm] | |||
.hq.amar.com = HQ.AMAR.COM | |||
hq.amar.com = HQ.AMAR.COM | |||
Extra Directories in /var/cache/bind | |||
dynamic | |||
stats | |||
{{Notepad}} | {{Notepad}} |
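Review bot: In the new "Disable Regular Samba and Enable samba-ad-dc" block, `systemctl mask smd` and `systemctl mask nmbdd` look like misspelled unit names, so nmbd is never actually masked and can still start next to the AD DC service. The lines should read `systemctl mask smbd` (already present) and `systemctl mask nmbd`. The heading promises enabling samba-ad-dc, but only `systemctl unmask samba-ad-dc` is shown, so an enable/start step is presumably missing. The next heading names `/etc/krb5.com`, which is presumably `/etc/krb5.conf` as in the first half of the page.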
Latest revision as of 21:09, 27 February 2024
Samba Set up Single Computer
Set up synchronized time
/etc/ntpd.conf
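# One-shot clock sync. Kerberos (set up further down) rejects tickets when
# the clock skew between this host and the KDC is too large.
# ntpd is stopped first so ntpdate can use the NTP port.
service ntpd stop
ntpdate time.nist.gov
# Fixed: the original read "service ntpd.start", which is not a valid
# service invocation and would leave ntpd stopped.
service ntpd start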
Hostname must contain the proper domain
/etc/sysconfig/network
HOSTNAME=xxxxxxx.domain.tld
You can dynamically change it with
hostname xxxxxxx.domain.tld
CentOS 7
/etc/hostname contains name
hosts file MUST list the name different from localhost 127.0.0.1
/etc/hosts
# Loopback carries only the localhost names.
127.0.0.1 localhost.localdomain localhost
# The machine's own FQDN maps to its LAN address, never to 127.0.0.1.
192.168.10.xxx xxxxxxxx.domain.tld
# The AD server used as KDC / password server in the later config files.
192.168.10.yyy ad1.domain.tld
krb5 set up right
/etc/krb5.conf
# /etc/krb5.conf for a domain member. Comments must sit on their own line.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.TLD
# DNS discovery is switched off, so the realm and its KDC must be listed
# explicitly in [realms] and [domain_realm] below.
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
DOMAIN.TLD = {
    kdc = ad1.domain.tld:88
    admin_server = ad1.domain.tld:749
    default_domain = domain.tld
}

[domain_realm]
# Map both sub-hosts (.domain.tld) and the bare domain to the realm.
.domain.tld = DOMAIN.TLD
domain.tld = DOMAIN.TLD

[kdc]
# NOTE(review): this host is a domain member, not a KDC; this section looks
# like a leftover from the distribution default. Confirm it is needed.
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
    debug = false
    # presumably seconds (36000 = 10 hours); verify against the PAM module
    ticket_lifetime = 36000
    renew_lifetime = 36000
    # NOTE(review): forwardable tickets can be passed on to other hosts;
    # confirm this is wanted for PAM logins.
    forwardable = true
}
Run kinit
kinit Administrator
Configure Samba
/etc/smb.conf
# smb.conf for a single machine joined to an AD domain as a member server.
[global]
workgroup = DOMAIN
server string = dev01.domain.tld
netbios name = dev01
# Only clients whose address starts with 192.168.10. may connect.
hosts allow = 192.168.10.
encrypt passwords = yes
# NOTE(review): set in [global], this becomes the default for every share,
# so any share without its own "guest ok = no" accepts unauthenticated
# access. Whether guest logons actually succeed also depends on
# "map to guest". Confirm this is intended on a domain member.
guest ok = yes
# Enumeration makes "getent passwd" / "getent group" list domain accounts.
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
# logs split per machine
log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
max log size = 50
# Authenticate against Active Directory (Kerberos realm below).
security = ads
realm = DOMAIN.TLD
# NOTE(review): "client use spnego", "encrypt passwords" and
# "idmap uid" / "idmap gid" are older-style parameters. Run testparm against
# the installed Samba release to see whether it still accepts them.
client use spnego = yes
password server = ad1.domain.tld
local master = no
; os level = 33
; preferred master = yes
wins server = ad1.domain.tld
; wins proxy = yes
; dns proxy = yes
#============================ Share Definitions ==============================
# ID range handed out to domain users and groups by winbind.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Domain accounts get no interactive shell on this machine.
template shell = /bin/false
# Domain names stay qualified, written as DOMAIN+user.
winbind use default domain = no
winbind separator = +
Join Domain
restart services to be sure
# Reload the new smb.conf in every Samba daemon before joining.
service winbind restart
service smb restart
service nmb restart
# Join the AD domain; prompts for the Administrator password.
net ads join -U Administrator
Modify nsswitch
/etc/nsswitch.conf
# Local files are consulted first, then winbind for domain accounts.
passwd: files winbind
# shadow stays local-only: no domain password data is looked up here.
shadow: files
group: files winbind
# NOTE(review): winbind is normally documented for passwd and group;
# confirm the three entries below actually need it.
protocols: files winbind
rpc: files winbind
services: files winbind
Run Services
restart services to be sure
# Restart all three daemons so they pick up the join and the nsswitch change.
service winbind restart
service smb restart
service nmb restart
Test
# Ask winbind directly for domain users, then domain groups.
wbinfo -u
wbinfo -g
# Same check through NSS: domain accounts should appear next to local ones.
getent passwd
getent group
Jacques Approved !!
Samba Set up Active Directory
apt install samba bind9 winbind bind9utils krb5-user
# /etc/samba/smb.conf
# Global parameters
[global]
netbios name = DNSAD
realm = HQ.AMAR.COM
server role = active directory domain controller
workgroup = AMARHQ
# The list has no "dns" entry; presumably BIND9 (installed above) serves DNS
# instead of Samba's internal DNS server.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
domain master = Yes
wins support = Yes
# Keep this commented out while "wins support = Yes" is set: Samba should act
# as WINS server or WINS client, not both.
# wins server = 192.168.50.112

# NOTE(review): sysvol and netlogon hold the policies and logon scripts that
# domain members run. With "read only = No", write access is governed by the
# ACLs on these directories; "samba-tool ntacl sysvolcheck" verifies them.
[sysvol]
path = /var/lib/samba/sysvol
read only = No

[netlogon]
path = /var/lib/samba/sysvol/hq.amar.com/scripts
read only = No
Disable Regular Samba and Enable samba-ad-dc
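# Let the AD DC unit start, and block the standalone daemons that would
# conflict with it. Masking only prevents future starts: a daemon that is
# already running keeps running until it is stopped.
systemctl unmask samba-ad-dc
# Fixed: the original also masked "smd" and "nmbdd", which look like
# misspelled unit names. "smd" duplicated the smbd line, and "nmbdd" left
# nmbd unmasked.
systemctl mask smbd
systemctl mask nmbd
systemctl mask winbind
# NOTE(review): presumably masked to free the DNS port for BIND9. Check that
# /etc/resolv.conf still points at a working resolver afterwards.
systemctl mask systemd-resolved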
Configure /etc/krb5.conf
# Realm definition for the Samba AD domain. Comments need their own line.
[realms]
HQ.AMAR.COM = {
    # Several KDCs are listed; <ip> is a placeholder to fill in.
    kdc = kdc.hq.amar.com
    kdc = <ip>
    kdc = 192.168.50.143
    kdc = 192.168.50.133
    admin_server = <ip>
    # kdc.hq.amar.com
    default_domain = hq.amar.com
}

[domain_realm]
# Both sub-hosts and the bare domain map to the realm.
.hq.amar.com = HQ.AMAR.COM
hq.amar.com = HQ.AMAR.COM
Extra Directories in /var/cache/bind
dynamic stats