Samba AD – Samba Configuration
We now configure Samba as an ADS, using BIND installed on the same machine as the DNS server.
The first step is to move the original Samba configuration file (if it exists) out of the way, so that the next command can recreate it:
[root@srvads01 ~]# mv /etc/samba.conf /etc/samba.conf.orig
Provision the domain:
[root@srvads01 ~]# samba-tool domain provision --realm=anthesia.lan --domain=ANTHESIA \
    --adminpass='MyPassword_00' --server-role=dc --dns-backend=BIND9_DLZ \
    --function-level=2008_R2 --use-xattr=yes --host-ip=172.28.0.210
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=anthesia,DC=lan
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=anthesia,DC=lan
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: srvads01
NetBIOS Domain: ANTHESIA
DNS Domain: anthesia.lan
DOMAIN SID: S-1-5-21-2182935458-468370313-XXXXXXXXXX
Put the Kerberos configuration files in place:
[root@srvads01 ~]# mv /etc/krb5.conf /etc/krb5.conf.original
[root@srvads01 ~]# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
Allow the DNS service to load the file /var/lib/samba/private/named.conf:
[root@srvads01 ~]# chgrp named /var/lib/samba/private/named.conf
[root@srvads01 ~]# chgrp named /var/lib/samba/private/
Change the default startup settings of SerNet Samba: edit the file /etc/default/sernet-samba and set the following line:
SAMBA_START_MODE="ad"
At this point we can start both Samba and the DNS server:
[root@srvads01 ~]# chkconfig sernet-samba-ad on
[root@srvads01 ~]# service sernet-samba-ad start
[root@srvads01 ~]# systemctl start named
Test that DNS works correctly:
[root@srvads01 ~]# host -t SRV _ldap._tcp.anthesia.lan
_ldap._tcp.anthesia.lan has SRV record 0 100 389 srvads01.anthesia.lan.
[root@srvads01 ~]# host -t SRV _kerberos._tcp.anthesia.lan
_kerberos._tcp.anthesia.lan has SRV record 0 100 88 srvads01.anthesia.lan.
[root@srvads01 ~]# host -t A srvads01.anthesia.lan.
srvads01.anthesia.lan has address 172.28.0.210
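The SRV lookups above can be checked mechanically instead of by eye. The following sh function is an added example, not part of the original tutorial: it reads `host -t SRV` output and confirms that the record points at the expected DC and port. The function name, the exit-code convention and the two failing sample lines are assumptions made for this example.

```sh
#!/bin/sh
# check_srv NAME PORT TARGET  -- reads `host -t SRV NAME` output on stdin.
# Exit status (convention of this example, not of host or Samba):
#   0  a record for NAME points at TARGET on PORT
#   1  SRV records exist but none match (unexpected host or port)
#   2  no SRV record found (e.g. NXDOMAIN)
check_srv() (
    name=${1%.} port=$2 target=${3%.}   # tolerate a trailing dot on FQDNs
    seen=0
    # Line shape: <owner> has SRV record <prio> <weight> <port> <target>
    while read -r owner w1 w2 w3 prio weight rport rtarget || [ -n "$owner" ]; do
        [ "$w1 $w2 $w3" = "has SRV record" ] || continue
        [ "${owner%.}" = "$name" ] || continue
        seen=1
        [ "$rport" = "$port" ] && [ "${rtarget%.}" = "$target" ] && exit 0
    done
    [ "$seen" -eq 1 ] && exit 1
    exit 2
)

# Constructed sample inputs: the first is the output shown above, the other
# two are made up to exercise the failure paths.
SAMPLE_OK='_ldap._tcp.anthesia.lan has SRV record 0 100 389 srvads01.anthesia.lan.'
SAMPLE_OTHER='_ldap._tcp.anthesia.lan has SRV record 0 100 389 otherhost.anthesia.lan.'
SAMPLE_NONE='Host _ldap._tcp.anthesia.lan not found: 3(NXDOMAIN)'

for sample in "$SAMPLE_OK" "$SAMPLE_OTHER" "$SAMPLE_NONE"; do
    rc=0
    printf '%s\n' "$sample" |
        check_srv _ldap._tcp.anthesia.lan 389 srvads01.anthesia.lan || rc=$?
    echo "exit $rc: $sample"
done

# Live use on the DC (needs the running named from the steps above):
#   host -t SRV _kerberos._tcp.anthesia.lan |
#       check_srv _kerberos._tcp.anthesia.lan 88 srvads01.anthesia.lan
```

An exit status of 1 means clients would be sent to a host or port other than the one just provisioned, which is worth investigating before joining any machine to the domain.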