
There are guides online on how to install this ... but few of them are in Chinese ... so let's try it ..... using SAMBA's own DNS means bind9 is not needed.

First install the packages ......

apt-get update
apt-get upgrade

apt-get dist-upgrade

apt-get install the following packages:
attr build-essential libacl1-dev libattr1-dev
libblkid-dev libgnutls-dev libreadline-dev python-dev libpam0g-dev
python-dnspython gdb pkg-config libpopt-dev libldap2-dev
dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl ntp ntpdate

libnss-winbind* libpam-winbind* samba* winbind* smbclient


Set the IP address ... /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#auto ens192
auto ens160
iface ens160 inet static
        address 192.168.0.68
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.2
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.0.63
        dns-search tw2.ad

Hostname /etc/hostname

linux-ad1

/etc/hosts

127.0.0.1       localhost
192.168.0.68    linux-ad1.tw3.ad        linux-ad1
192.168.0.69    linux-ad2.tw3.ad        linux-ad2

NTP time sync:

service ntp stop
ntpdate -B 0.ubuntu.pool.ntp.org
service ntp start

Remove the SAMBA configuration ... it is generated automatically when joining the AD

rm -rf /etc/samba/smb.conf

Kerberos setup
rm -rf /etc/krb5.conf
ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf

krb5.conf settings
[libdefaults]
    default_realm = TW2.AD
    dns_lookup_realm = false
    dns_lookup_kdc = true

Time zone settings

dpkg-reconfigure tzdata

Disable apparmor (it is a bit like the SELinux security controls ... but finer-grained)
update-rc.d -f apparmor remove


Join the domain

samba-tool domain join tw2.ad DC -U"TW2/Administrator"

You will see:

Finding a writeable DC for domain 'tw2.ad'
Found DC TW2-AD2.TW2.AD
Password for [TW2\Administrator]:
workgroup is TW2
realm is TW2.AD
checking sAMAccountName
Adding CN=LINUX-AD1,OU=Domain Controllers,DC=TW2,DC=AD
Adding CN=LINUX-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TW2,DC=AD
Adding CN=NTDS Settings,CN=LINUX-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TW2,DC=AD
Adding SPNs to CN=LINUX-AD1,OU=Domain Controllers,DC=TW2,DC=AD
Setting account password for LINUX-AD1$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=TW2,DC=AD
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=TW2,DC=AD] objects[402] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW2,DC=AD] objects[804] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW2,DC=AD] objects[1206] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW2,DC=AD] objects[1608] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW2,DC=AD] objects[1743] linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=TW2,DC=AD] objects[402] linked_values[0]
Partition[CN=Configuration,DC=TW2,DC=AD] objects[804] linked_values[0]
Partition[CN=Configuration,DC=TW2,DC=AD] objects[1206] linked_values[0]
Partition[CN=Configuration,DC=TW2,DC=AD] objects[1608] linked_values[0]
Partition[CN=Configuration,DC=TW2,DC=AD] objects[1772] linked_values[22]
Replicating critical objects from the base DN of the domain
Partition[DC=TW2,DC=AD] objects[109] linked_values[23]
Partition[DC=TW2,DC=AD] objects[398] linked_values[26]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=TW2,DC=AD
Partition[DC=DomainDnsZones,DC=TW2,DC=AD] objects[62] linked_values[0]
Replicating DC=ForestDnsZones,DC=TW2,DC=AD
Partition[DC=ForestDnsZones,DC=TW2,DC=AD] objects[21] linked_values[0]
Committing SAM database
descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=TW2,DC=AD not found under DC=TW2,DC=AD
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=TW2,DC=AD not found under DC=TW2,DC=AD
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain TW2 (SID S-1-5-21-905306403-1332549036-4142296607) as a DC


Edit SAMBA's /etc/samba/smb.conf ... so that DNS can also resolve external names

(the dns recursive queries = yes and dns forwarder = 8.8.8.8 lines)

[global]

        workgroup = TW2
        realm = TW2.AD
        netbios name = LINUX-AD1
        server role = active directory domain controller
        dns recursive queries = yes
        dns forwarder = 8.8.8.8
[netlogon]
        path = /var/lib/samba/sysvol/tw3.ad/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Set up the Kerberos password

kinit administrator@TW4.AD (the domain must be in upper case)

Enter the AD administrator password

Kerberos verification

Run klist -e and you will see the Kerberos ticket information
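The steps above touch the same domain name in four places (the interfaces dns-search, /etc/hosts, krb5.conf, smb.conf) plus the kinit principal, and a DC join silently misbehaves when they disagree (Kerberos cannot find the KDC, SYSVOL paths point at the wrong tree, kinit fails on a lower-case realm). The following is an added pre-flight check, not code from the original post or from Samba: the functions parse_ini, parse_hosts, check_dc_consistency and fixed_inputs are assumed names, and the embedded file contents are constructed to mirror the post, including its mismatched tw2.ad / tw3.ad / TW4.AD values.

```python
"""Pre-flight consistency check for a Samba AD DC join (added example)."""
import re

# Constructed sample files mirroring the post, mismatches included.
SMB_CONF = """\
[global]
        workgroup = TW2
        realm = TW2.AD
        netbios name = LINUX-AD1
        server role = active directory domain controller
        dns recursive queries = yes
        dns forwarder = 8.8.8.8

[netlogon]
        path = /var/lib/samba/sysvol/tw3.ad/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
"""
KRB5_CONF = """\
[libdefaults]
    default_realm = TW2.AD
    dns_lookup_realm = false
    dns_lookup_kdc = true
"""
HOSTS = """\
127.0.0.1       localhost
192.168.0.68    linux-ad1.tw3.ad        linux-ad1
192.168.0.69    linux-ad2.tw3.ad        linux-ad2
"""
HOSTNAME = "linux-ad1"                    # content of /etc/hostname
KINIT_PRINCIPAL = "administrator@TW4.AD"  # principal given to kinit


def parse_ini(text):
    """Minimal parser for smb.conf / krb5.conf style '[section] key = value' files."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def parse_hosts(text):
    """Map every short name in /etc/hosts to its FQDN (all lower-cased)."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        fqdn = fields[1].lower()
        for name in fields[2:] or [fqdn.split(".")[0]]:
            entries[name.lower()] = fqdn
    return entries


def check_dc_consistency(smb_conf, krb5_conf, hosts, hostname, kinit_principal):
    """Return a list of problems; an empty list means every file agrees on the realm."""
    problems = []
    sections = parse_ini(smb_conf)
    glob = sections.get("global", {})
    realm = glob.get("realm", "").upper()          # smb.conf is the reference
    if not realm:
        return ["smb.conf [global] has no realm"]
    krb_realm = parse_ini(krb5_conf).get("libdefaults", {}).get("default_realm", "")
    if krb_realm != realm:
        problems.append(f"krb5.conf default_realm {krb_realm!r} != smb.conf realm {realm!r}")
    if glob.get("netbios name", "").upper() != hostname.upper():
        problems.append(f"netbios name {glob.get('netbios name')!r} != hostname {hostname!r}")
    fqdn = parse_hosts(hosts).get(hostname.lower())
    expected_fqdn = f"{hostname.lower()}.{realm.lower()}"
    if fqdn is None:
        problems.append(f"/etc/hosts has no entry for {hostname}")
    elif fqdn != expected_fqdn:
        problems.append(f"/etc/hosts maps {hostname} to {fqdn}, expected {expected_fqdn}")
    netlogon_path = sections.get("netlogon", {}).get("path")
    expected_path = f"/var/lib/samba/sysvol/{realm.lower()}/scripts"
    if netlogon_path and netlogon_path != expected_path:
        problems.append(f"[netlogon] path {netlogon_path} should be {expected_path}")
    _, _, princ_realm = kinit_principal.partition("@")
    if princ_realm != realm:                       # Kerberos realms are case-sensitive
        problems.append(f"kinit realm {princ_realm!r} must be exactly {realm!r}")
    return problems


def fixed_inputs():
    """The same files with every domain reference aligned to TW2.AD."""
    return (SMB_CONF.replace("tw3.ad", "tw2.ad"), KRB5_CONF,
            HOSTS.replace("tw3.ad", "tw2.ad"), HOSTNAME, "administrator@TW2.AD")


if __name__ == "__main__":
    for p in check_dc_consistency(SMB_CONF, KRB5_CONF, HOSTS, HOSTNAME, KINIT_PRINCIPAL):
        print("PROBLEM:", p)
    print("fixed:", check_dc_consistency(*fixed_inputs()) or "consistent")
```

Run against the post's values it reports three mismatches (hosts FQDN, netlogon path, kinit realm); after aligning everything to TW2.AD it reports none. It only checks the files, not network exposure: with dns recursive queries = yes Samba's internal DNS forwards any query it cannot answer to 8.8.8.8 for every client that can reach port 53, and it has no per-client recursion ACL, so keep that port limited to the internal network with the host firewall.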


Posted by echochio on 痞客邦 (PIXNET)