Notepad:Samba: Difference between revisions

From Amar Wiki
← Older edit
VisualWikitext
 
(One intermediate revision by the same user not shown)
Line 140: Line 140:


= Samba Set up Active Directory =
= Samba Set up Active Directory =
  apt install samba bind9 winbind bind9utils
  apt install samba bind9 winbind bind9utils krb5-user


  /etc/samba/smb.conf
  /etc/samba/smb.conf
Line 164: Line 164:
     read only = No
     read only = No


Disable Regular Samba and Enable samba-ad-dc
systemctl unmask samba-ad-dc
systemctl mask smd
systemctl mask smbd
systemctl mask nmbdd
systemctl mask winbind
systemctl mask systemd-resolved


Configure /etc/krb5.com
[realms]
    HQ.AMAR.COM = {
        kdc = kdc.hq.amar.com
        kdc = <ip>
        kdc = 192.168.50.143
        kdc = 192.168.50.133
        admin_server = <ip>
        # kdc.hq.amar.com
        default_domain = hq.amar.com
    }
   
    [domain_realm]
        .hq.amar.com = HQ.AMAR.COM
        hq.amar.com = HQ.AMAR.COM
Extra Directories in /var/cache/bind
  dynamic
  stats


{{Notepad}}
{{Notepad}}

Latest revision as of 21:09, 27 February 2024

Samba Set up Single Computer

Set up synchronized time

/etc/ntpd.conf

service ntpd stop
ntpdate time.nist.gov
service ntpd.start

Hostname must contain the proper domain

/etc/sysconfig/network

HOSTNAME=xxxxxxx.domain.tld

You can dynamically change it with 

hostname xxxxxxx.domain.tld

CentOS 7

/etc/hostname contains name

hosts file MUST list the name different from localhost 127.0.0.1

/etc/hosts

127.0.0.1               localhost.localdomain localhost
192.168.10.xxx          xxxxxxxx.domain.tld
192.168.10.yyy           ad1.domain.tld

krb5 set up right

/etc/krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DOMAIN.TLD
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 DOMAIN.TLD = {
 kdc = ad1.domain.tld:88
 admin_server = ad1.domain.tld:749
 default_domain = domain.tld
}

[domain_realm]
 .domain.tld = DOMAIN.TLD
 domain.tld = DOMAIN.TLD

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
}

Run kinit

 kinit Administrator

Configure Samba

/etc/smb.conf

[global]

       workgroup = DOMAIN
       server string = dev01.domain.tld
       netbios name = dev01
       hosts allow = 192.168.10.

       encrypt passwords = yes
       guest ok = yes
       winbind enum users = yes
       winbind enum groups = yes
       winbind cache time = 10


       # logs split per machine
       log file = /var/log/samba/%m.log
       # max 50KB per log file, then rotate
       max log size = 50

       security = ads
       realm = DOMAIN.TLD
       client use spnego = yes
       password server = ad1.domain.tld

       local master = no
;       os level = 33
;       preferred master = yes

       wins server = ad1.domain.tld
;       wins proxy = yes

;       dns proxy = yes

#============================ Share Definitions ==============================

  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  template shell = /bin/false
  winbind use default domain = no
  winbind separator = +

Join Domain

restart services to be sure 

service winbind restart
service smb restart
service nmb restart

net ads join -U Administrator

Modify nsswitch

/etc/nsswitch.conf 

passwd:     files winbind
shadow:     files
group:      files winbind
protocols:  files winbind
rpc:        files winbind
services:   files winbind

Run Services

restart services to be sure 

service winbind restart
service smb restart
service nmb restart

Test

wbinfo -u
wbinfo -g
getent passwd
getent group

Jacques Approved !!

Samba Set up Active Directory

apt install samba bind9 winbind bind9utils krb5-user

/etc/samba/smb.conf
# Global parameters
[global]
   netbios name = DNSAD
   realm = HQ.AMAR.COM
   server role = active directory domain controller
   workgroup = AMARHQ

   server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
   idmap_ldb:use rfc2307 = yes
   domain master = Yes
   wins support = Yes
   # wins server = 192.168.50.112
 
 [sysvol]
   path = /var/lib/samba/sysvol
   read only = No
 
[netlogon]
   path = /var/lib/samba/sysvol/hq.amar.com/scripts
   read only = No

Disable Regular Samba and Enable samba-ad-dc 

systemctl unmask samba-ad-dc
systemctl mask smd
systemctl mask smbd
systemctl mask nmbdd
systemctl mask winbind
systemctl mask systemd-resolved

Configure /etc/krb5.com 

[realms]
   HQ.AMAR.COM = {
       kdc = kdc.hq.amar.com
       kdc = <ip>
       kdc = 192.168.50.143
       kdc = 192.168.50.133
       admin_server = <ip>
       # kdc.hq.amar.com
       default_domain = hq.amar.com
    }
   
   [domain_realm]
       .hq.amar.com = HQ.AMAR.COM
       hq.amar.com = HQ.AMAR.COM

Extra Directories in /var/cache/bind 

 dynamic
 stats

← Back to Notepad

© 2000-2025 Jacques Amar Amar Micro Inc.
Retrieved from "https://wiki.amar.com/index.php?title=Notepad:Samba&oldid=426"