SAMBA 4 PDC WITH BIND FLATFILE BACKEND IN CENTOS 6.7

CENTOS 6.7 : SAMBA PDC WITH BIND BACKEND (FLAT FILE)

HOSTNAME : DC.EXAMPLE
ETH0 IP : 172.16.120.20
DNS : 172.16.120.20,4.2.2.2
DOMAIN NAME : EXAMPLE.PDC

PACKAGES REQUIRED :
SERNET SAMBA
BIND
CLIENT MACHINE :WINDOWS 7
IP ADDRESS : 172.16.120.149
GATEWAY : 172.16.120.20
DNS : 172.16.120.20

( ) : COMMENTS (TEXT IN PARENTHESES IS A NOTE, NOT PART OF THE COMMAND OR FILE)



(1) UPDATE THE SERVER

[root@DC Desktop]# yum update -y

(2) STOP IPTABLES AND DISABLE SELINUX

[root@DC Desktop]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]

[root@DC Desktop]# chkconfig iptables off

[root@DC Desktop]# gedit /etc/selinux/config

###################################
Set :
SELINUX=disabled
##################################

(3) REBOOT THE SYSTEM

(4) CREATE THE SERNET SAMBA REPO FILE. YOU CAN DOWNLOAD IT FROM
https://portal.enterprisesamba.com/ or copy the repo content below into the file
and save it

[root@DC Desktop]# gedit /etc/yum.repos.d/sernet4.2.repo
(REPO CONTENT )
############################################################################
[sernet-samba-4.2]
name=SerNet Samba 4.2 Packages (rhel-6)
type=rpm-md
baseurl=https://starock07:l4jyhmNITqbKIB3kebxytGH8xX6T2T83@download.sernet.de/packages/samba/4.2/centos/6/
gpgcheck=1
gpgkey=https://starock07:l4jyhmNITqbKIB3kebxytGH8xX6T2T83@download.sernet.de/packages/samba/4.2/centos/6/repodata/repomd.xml.key
enabled=1
##############################################################################
(THE baseurl AND gpgkey LINES CARRY YOUR SUBSCRIPTION USERNAME AND PASSWORD, SO KEEP THIS FILE READABLE BY ROOT ONLY)

(5) INSTALL SERNET SAMBA AND BIND

[root@DC Desktop]# yum install sernet-samba* bind*

(6) NOW PROVISION SAMBA AS THE PDC WITH REALM EXAMPLE.PDC. PRESS ENTER TO ACCEPT THE DEFAULT VALUES, AND AT THE DNS BACKEND PROMPT TYPE BIND9_FLATFILE

[root@DC Desktop]# samba-tool domain provision --interactive

(OUTPUT)
#####################################################################
No nameserver found in /etc/resolv.conf
Realm [EXAMPLE]: EXAMPLE.PDC
Domain [EXAMPLE]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_FLATFILE
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example,DC=pdc
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example,DC=pdc
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: DC
NetBIOS Domain: EXAMPLE
DNS Domain: example.pdc
DOMAIN SID: S-1-5-21-2402101096-2873600836-545368040
###########################################################################


(7) EDIT THE FILE /etc/default/sernet-samba, SAVE IT AND START THE SERVICE

[root@DC Desktop]# gedit /etc/default/sernet-samba

###################################################
SAMBA_START_MODE="ad" (CHANGE NONE TO AD )
################################################

[root@DC Desktop]# service sernet-samba-ad start

Starting SAMBA AD services : [ OK ]

TO CHECK, RUN THE COMMAND

[root@DC Desktop]# smbclient -L localhost -U%

(OUTPUT)
############################################################################
Domain=[LINUX] OS=[Windows 6.1] Server=[Samba 4.2.3-SerNet-RedHat-18.el6]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.2.3-SerNet-RedHat-18.el6)
Domain=[LINUX] OS=[Windows 6.1] Server=[Samba 4.2.3-SerNet-RedHat-18.el6]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
############################################################################

NOW CONFIGURE BIND FOR SAMBA

(8) THE CHROOT ENVIRONMENT HAS TO BE DISABLED, BECAUSE THE FILES SAMBA GENERATED UNDER /var/lib/samba/private ARE OUTSIDE /var/named/chroot. MAKE THESE CONFIGURATION CHANGES:

[root@DC Desktop]# gedit /etc/sysconfig/named

############################################
#ROOTDIR=/var/named/chroot (COMMENT THIS LINE)
NAMED_RUN_CHROOTED="no" (ADD THIS LINE )
##############################################
[root@DC Desktop]# gedit /etc/named.conf

###############################################################################
options {
    listen-on port 53 { 127.0.0.1; 172.16.120.20; };   (ADD THE SERVER IP)
    #listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 172.16.120.0/22; };   (ADD THE LOCAL NETWORK)
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/var/lib/samba/private/named.conf";   (ADD THIS LINE, THE FILE GENERATED BY THE PROVISION IN STEP 6)
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
##########################################################################

(9) CHANGE THE GROUP OF THE FOLDER /var/lib/samba/private TO named AND GIVE THE GROUP
READ AND EXECUTE (TRAVERSE) ACCESS TO THE FOLDER AND READ-ONLY ACCESS TO ITS FILES,
SO THAT named CAN READ THE SAMBA-GENERATED CONFIGURATION AND ZONE FILES

[root@DC Desktop]# chgrp named /var/lib/samba/private
[root@DC Desktop]# chmod g+rx /var/lib/samba/private

or right-click the folder in the file manager and set this on the Permissions tab


[root@DC Desktop]# service named start

Starting named:                                 [ OK ]

(10) VERIFY THE DNS RECORDS

[root@DC Desktop]# host -t SRV _ldap._tcp.EXAMPLE.PDC.

(OUTPUT)
##############################################################
_ldap._tcp.EXAMPLE.PDC has SRV record 0 100 389 DC.EXAMPLE.PDC.
##############################################################

[root@DC Desktop]# host -t SRV _kerberos._udp.EXAMPLE.PDC.

(OUTPUT)
##################################################################
_kerberos._udp.EXAMPLE.PDC has SRV record 0 100 88 DC.EXAMPLE.PDC.
##################################################################

[root@DC Desktop]# host -t A EXAMPLE.PDC

(OUTPUT)
############################################
EXAMPLE.PDC has address 172.16.120.20
#############################################
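A check script for steps 8 to 10, added here as an example and not part of the original post; it assumes the realm, DC name and IP listed at the top of the page, and GNU stat as shipped with CentOS:

```shell
# Added example (not from the original post): post-setup checks for steps 8 to 10.
# Assumes the realm, DC name and IP from the top of the page and GNU stat (CentOS).
REALM="EXAMPLE.PDC"
DC_FQDN="DC.EXAMPLE.PDC."
DC_IP="172.16.120.20"
PRIVATE_DIR="/var/lib/samba/private"

# Print "port target" from one 'host -t SRV' answer line, e.g.
# "_ldap._tcp.EXAMPLE.PDC has SRV record 0 100 389 DC.EXAMPLE.PDC." -> "389 DC.EXAMPLE.PDC."
srv_port_target() {
    # fields: name has SRV record priority weight port target
    printf '%s\n' "$1" | awk '/has SRV record/ { print $7, $8 }'
}

# 0 when the SRV answer ($1) points at the expected port ($2) and DC name ($3).
srv_ok() {
    [ "$(srv_port_target "$1")" = "$2 $3" ]
}

# 0 when directory $1 is owned by group $2 and the group can read and traverse it
# (the chgrp named / chmod g+rx from step 9).
private_dir_ok() {
    [ -d "$1" ] || return 1
    [ "$(stat -c %G "$1")" = "$2" ] || return 1
    # permission string like drwxr-x---; characters 5-7 are the group bits
    g=$(stat -c %A "$1" | cut -c5-7)
    case "$g" in r?x) return 0 ;; *) return 1 ;; esac
}

# 0 when named.conf ($1) includes the BIND file generated by the provision (step 8).
named_conf_ok() {
    grep -Eq '^[[:space:]]*include[[:space:]]+"/var/lib/samba/private/named.conf";' "$1"
}

# Live checks; only meaningful on the provisioned DC, where host and named exist.
run_live_checks() {
    srv_ok "$(host -t SRV "_ldap._tcp.$REALM.")" 389 "$DC_FQDN" \
        && echo "ldap SRV ok" || echo "ldap SRV MISSING (step 10)"
    srv_ok "$(host -t SRV "_kerberos._udp.$REALM.")" 88 "$DC_FQDN" \
        && echo "kerberos SRV ok" || echo "kerberos SRV MISSING (step 10)"
    host -t A "$REALM" | grep -q "has address $DC_IP" \
        && echo "A record ok" || echo "A record MISSING (step 10)"
    private_dir_ok "$PRIVATE_DIR" named \
        && echo "private dir perms ok" || echo "private dir perms WRONG (step 9)"
    named_conf_ok /etc/named.conf \
        && echo "named.conf include ok" || echo "named.conf include MISSING (step 8)"
}

if [ "${1:-}" = "--live" ]; then run_live_checks; fi
```

Run it with --live on the DC; without that flag it only defines the check functions.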

(11) JOIN THE WINDOWS 7 MACHINE TO THE DOMAIN

IF A DNS ERROR APPEARS, RUN NSLOOKUP ON THE CLIENT TO CHECK THAT IT RESOLVES THE DOMAIN THROUGH THE DC (172.16.120.20)

nslookup example.pdc




FEEL FREE TO MAIL ME AT :