SAMBA 4 PDC IN CENTOS 6

OPERATING SYSTEM : CENTOS 32 Bit
HOSTNAME : TEST.SAMBA.PDC
IP ADDRESS : ETH0 =172.16.120.20, ETH1=192.168.1.1
DOMAIN NAME : SAMBA
(Bold letters show configuration changes.)

Go to https://portal.enterprisesamba.com/ and log in to download the repo file for the latest release of the Samba package.

DISABLE SELINUX (edit /etc/selinux/config)

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

DISABLE THE FIREWALL (STOP IPTABLES)

[root@TEST ~]# service iptables stop
[root@TEST ~]# chkconfig iptables off

RESTART THE SYSTEM

(1) Edit the /etc/hosts file

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.120.20 TEST test TEST.SAMBA.PDC test.samba.pdc

Once you have downloaded the latest SerNet Samba repo file, start installing Samba.

My SerNet Samba repo file is as follows:
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (centos-6)
type=rpm-md
baseurl=https://starock07:l4jyhmNITqbKIB3kebxytGH8xX6T2T83@download.sernet.de/packages/samba/4.1/centos/6/
gpgcheck=1
gpgkey=https://starock07:l4jyhmNITqbKIB3kebxytGH8xX6T2T83@download.sernet.de/packages/samba/4.1/centos/6/repodata/repomd.xml.key
enabled=1

(2) Install the Samba Package
[root@TEST ~]# yum remove samba*
(Don't worry about the dependencies; we will install them later on.)

[root@TEST ~]# yum install sernet-samba*

Now we will configure Samba as an ADC. I am using the Samba internal DNS server, just like on a Windows ADC server.

[root@TEST ~]# samba-tool domain provision --interactive

OUTPUT (I pressed Enter to accept the default value shown in brackets):

Realm [SAMBA.PDC]: (press Enter)
Domain [SAMBA]: (press Enter)
Server Role (dc, member, standalone) [dc]: (press Enter)
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: (press Enter)
DNS forwarder IP address (write 'none' to disable forwarding) [172.16.120.20]: 4.2.2.2
Administrator password: <your_secret_admin_password>
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=samba,DC=pdc
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=samba,DC=pdc
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: TEST
NetBIOS Domain: SAMBA
DNS Domain: samba.pdc
DOMAIN SID: S-1-5-21-1013895066-3265573293-3712696644

Now you can check /etc/samba/smb.conf:

# Global parameters
[global]
        workgroup = SAMBA
        realm = SAMBA.PDC
        netbios name = TEST
        server role = active directory domain controller
        dns forwarder = 4.2.2.2

[netlogon]
        path = /var/lib/samba/sysvol/samba.pdc/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[root@TEST ~]# vi /etc/default/sernet-samba

# SAMBA_START_MODE defines how Samba should be started. Valid options are one of
# "none" to not enable it at all,
# "classic" to use the classic smbd/nmbd/winbind daemons
# "ad" to use the Active Directory server (which starts the smbd on its own)
# (Be aware that you also need to enable the services/init scripts that
# automatically start up the desired daemons.)
SAMBA_START_MODE="ad"
# SAMBA_RESTART_ON_UPDATE defines if the services should be restarted when
# the RPMs are updated. Setting this to "yes" effectively enables the
# functionality of the try-restart parameter of the init scripts.
SAMBA_RESTART_ON_UPDATE="no"
# NMBD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the nmbd daemon
NMBD_EXTRA_OPTS=""
# WINBINDD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the winbindd daemon
WINBINDD_EXTRA_OPTS=""
# SMBD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the smbd daemon
SMBD_EXTRA_OPTS=""
# SAMBA_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the samba daemon
SAMBA_EXTRA_OPTS=""

Now start the Samba AD services:

[root@TEST ~]# service sernet-samba-ad start
Starting SAMBA AD services : [ OK ]
[root@TEST ~]# service sernet-samba-ad status
Checking for SAMBA AD services : [ OK ]

You can check that Samba LDAP is listening on port 389:

[root@TEST ~]# netstat -ntlup | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1423/samba
tcp 0 0 :::389 :::* LISTEN 1423/samba
udp 0 0 172.16.120.20:389 0.0.0.0:* 1424/samba
udp 0 0 0.0.0.0:389 0.0.0.0:* 1424/samba
udp 0 0 :::389 :::* 1424/samba
udp 0 0 :::38910 :::* 1130/rpc.statd
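
The grep above matches any port that merely contains 389, which is why the rpc.statd socket on 38910 appears in the output. The following added example (not part of the original post) matches the port exactly and extends the check to the other TCP services a Samba AD DC normally listens on; the port list, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: exact-port listener checks for a Samba AD DC.
# DC_TCP_PORTS is an assumed list (DNS, Kerberos, RPC endpoint mapper, LDAP,
# SMB, kpasswd, LDAPS, global catalog); adjust it to your deployment.
DC_TCP_PORTS="53 88 135 389 445 464 636 3268"

# Constructed sample of `netstat -ntlup` output (not captured from a host).
SAMPLE='tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1423/samba
tcp 0 0 :::389 :::* LISTEN 1423/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1420/smbd
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1426/samba
tcp 0 0 172.16.120.20:53 0.0.0.0:* LISTEN 1431/samba
udp 0 0 0.0.0.0:389 0.0.0.0:* 1424/samba
udp 0 0 :::38910 :::* 1130/rpc.statd'

# listeners_on_port PORT: read netstat output on stdin and print
# "proto local-address program" for sockets bound to exactly PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, a, ":")      # port is the last ":"-separated field
            if (a[n] == port) print $1, $4, $NF
        }'
}

# missing_dc_ports: read netstat output on stdin and print the expected
# TCP ports that have no LISTEN socket (space separated, empty if none).
missing_dc_ports() {
    awk -v want="$DC_TCP_PORTS" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            listening[a[n]] = 1
        }
        END {
            m = split(want, w, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(w[i] in listening)) out = out (out ? " " : "") w[i]
            print out
        }'
}

# Demo on the sample; on a live DC use: netstat -ntlup | missing_dc_ports
printf 'port 389 listeners:\n%s\n' "$(printf '%s\n' "$SAMPLE" | listeners_on_port 389)"
printf 'missing TCP listeners: %s\n' "$(printf '%s\n' "$SAMPLE" | missing_dc_ports)"
```

An empty result from missing_dc_ports means every expected TCP service has a listening socket.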


You can check whether the Samba internal LDAP server is working by querying it with the ADC Administrator password (output is shortened):

[root@TEST ~]# ldbsearch -H "ldap://SAMBA.PDC" -U Administrator
Password for [SAMBA\Administrator]:

uSNChanged: 3561
showInAdvancedViewOnly: TRUE
name: S-1-5-17
objectGUID: c4226970-4f1f-4734-8975-4b7d978121dd
objectSid: S-1-5-17
objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=sa
mba,DC=pdc
memberOf: CN=IIS_IUSRS,CN=Builtin,DC=samba,DC=pdc
distinguishedName: CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=samba,DC=pdc
# Referral
ref: ldap://samba.pdc/CN=Configuration,DC=samba,DC=pdc
# Referral
ref: ldap://samba.pdc/DC=DomainDnsZones,DC=samba,DC=pdc
# Referral
ref: ldap://samba.pdc/DC=ForestDnsZones,DC=samba,DC=pdc
# returned 209 record
# 206 entries
# 3 referrals


Copy the generated krb5.conf file to /etc/

[root@TEST ~]# cp /var/lib/samba/private/krb5.conf /etc/
[root@TEST ~]# kinit administrator
Password for administrator@SAMBA.PDC:
Warning: Your password will expire in 41 days on Mon Nov 17 10:59:59 2014

[root@TEST ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SAMBA.PDC

Valid starting     Expires            Service principal
10/06/14 11:30:43  10/06/14 21:30:43  krbtgt/SAMBA.PDC@SAMBA.PDC
        renew until 10/07/14 11:30:39

To check the users in Samba LDAP:

[root@TEST ~]# wbinfo -u

Administrator
Guest
krbtgt

To check the groups in Samba LDAP:

[root@TEST ~]# wbinfo -g

Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy

The Samba 4 setup is complete. Download the Remote Server Administration Tools for Windows to manage the SAMBA PDC.

For any queries, feel free to mail me at:
abhishek.verma7@gmail.com
