- ##############################/usr/local/samba/etc/smb.conf##################################
- [global]
- # NetBIOS domain name and Kerberos realm; the realm must match default_realm in
- # the krb5.conf reproduced further down this page.
- workgroup = MTOLYMPUS
- realm = MTOLYMPUS.LOCAL
- netbios name = SERVER
- server role = active directory domain controller
- # The service list deliberately omits Samba's internal "dns" server: DNS for the
- # AD zones is served by BIND through the DLZ module (see the include of
- # /usr/local/samba/private/named.conf in /etc/named.conf below). "dnsupdate" stays
- # so samba_dnsupdate can register the records checked later on this page.
- server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
- # Samba itself is bound to eth2 and loopback only. NOTE(review): named below listens
- # on "any", including the public eth0 addresses in its startup log, so the two
- # daemons do not share the same exposure — confirm that is intended.
- interfaces = eth2 lo
- bind interfaces only = Yes
- # Writable netlogon and sysvol shares, both under the sysvol tree.
- [netlogon]
- path = /usr/local/samba/var/locks/sysvol/mtolympus.local/scripts
- read only = No
- [sysvol]
- path = /usr/local/samba/var/locks/sysvol
- read only = No
- #############################/usr/local/samba/private/krb5.conf (SAME AS /etc/krb5.conf)######################################
- [logging]
- # Log destinations for the Kerberos libraries, the KDC and kadmind.
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- [libdefaults]
- default_realm = MTOLYMPUS.LOCAL
- # Realm and KDC discovery through DNS; this depends on the _kerberos._tcp SRV
- # records that samba_dnsupdate verifies further down this page.
- dns_lookup_realm = true
- dns_lookup_kdc = true
- # Heimdal option (Samba's bundled Kerberos). NOTE(review): MIT libkrb5, which a
- # stock /etc/krb5.conf is normally read by, does not know this key and ignores
- # it — confirm which library consumes the /etc copy.
- check-ticket-addresses = false
- forwardable = true
- [realms]
- # Explicit KDC/admin server for the realm. With MIT semantics these entries take
- # precedence over the DNS lookup enabled above — confirm the same holds for Heimdal.
- MTOLYMPUS.LOCAL = {
- kdc = server.MTOLYMPUS.LOCAL
- admin_server = server.MTOLYMPUS.LOCAL
- default_domain = MTOLYMPUS.LOCAL
- }
- [domain_realm]
- # Map any host under the domain, and the bare domain itself, to the realm.
- .mtolympus.local = MTOLYMPUS.LOCAL
- mtolympus.local = MTOLYMPUS.LOCAL
- ###############################################/etc/named.conf######################################################
- //
- // named.conf
- //
- // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
- // server as a caching only nameserver (as a localhost DNS resolver only).
- //
- // See /usr/share/doc/bind*/sample/ for example named configuration files.
- //
- options {
- // Listens on every IPv4 address, which per the startup log further down includes
- // the public eth0 addresses. Combined with "allow-query { any; }" below this
- // publishes the AD zones (mtolympus.local, _msdcs.mtolympus.local) to the
- // Internet alongside the external zone. If only MYEXTERNALDOMAIN.NET is meant to
- // be public, restrict listen-on/allow-query or serve the AD zones from their own view.
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- auth-nxdomain yes;
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- // Upstream resolvers for recursive lookups not answered locally (Google public DNS
- // plus two others); only the allow-recursion networks below can trigger them.
- forwarders { 8.8.8.8; 172.20.2.1; 209.18.47.61; 209.18.47.62; };
- // DNSSEC settings are left at the version defaults. The startup log shows the
- // managed-keys zone being set up, fed by the named.root.key include below.
- // dnssec-enable no;
- // dnssec-validation no;
- // bindkeys-file "/etc/named.iscdlv.key";
- // managed-keys-directory "/var/named/dynamic";
- allow-query { any; };
- // Keytab for GSS-TSIG dynamic updates from Samba (samba_dnsupdate). The directory
- // listing below shows it owned named:named, mode 640, so named can read it.
- tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
- // 127.0.0.0/24 covers only part of the loopback range (127.0.0.0/8); harmless, but
- // "localhost" already covers the local addresses.
- allow-recursion { localhost; 127.0.0.1; 127.0.1.1; 127.0.0.0/24; 192.168.1.0/24; 172.20.2.0/24; 10.1.150.0/24; 10.0.0.0/24; 10.0.1.0/24; 10.0.2.0/24; 10.0.3.0/24; 10.0.4.0/24; 10.0.5.0/24; 10.0.6.0/24; 10.0.7.0/24; 10.0.8.0/24; 10.0.9.0/24; 10.0.10.0/24; };
- // NOTE(review): an options-level allow-update is the default for every zone that
- // has no allow-update/update-policy of its own — the external zone below, the
- // rfc1912 zones and BIND's built-in zones. That is why the startup log on this
- // page reports "allows updates by IP address, which is insecure" for the
- // in-addr.arpa zone and for version.bind/hostname.bind/authors.bind/id.server.
- // Source-address authorisation is weak for UDP updates, and 10.0.0.0/8 is far wider
- // than the 10.0.x.0/24 networks used elsewhere in this file. Prefer dropping this
- // default and putting a TSIG-keyed update-policy on the specific zones that need
- // dynamic updates (the DLZ zones already use Samba's GSS-TSIG policy).
- allow-update { 10.0.0.106; 10.0.6.1; 10.0.6.101; localhost; 127.0.0.1; 127.0.1.1; 127.0.0.0/24; 10.0.0.0/8; };
- };
- logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
- };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- // Authoritative external zone. It declares no update policy of its own, so it
- // inherits the options-level allow-update above: any host in 10.0.0.0/8 can alter
- // public records. If the zone is maintained by editing the file, add an explicit
- // "allow-update { none; };" here.
- zone "MYEXTERNALDOMAIN.NET" IN {
- type master;
- file "/var/named/zones/external.MYEXTERNALDOMAIN.NET.db";
- };
- // Standard localhost/loopback zones; they also inherit the options-level allow-update.
- include "/etc/named.rfc1912.zones";
- // Root trust anchor used by the managed-keys zone.
- include "/etc/named.root.key";
- // Samba DLZ module serving mtolympus.local and _msdcs.mtolympus.local directly from
- // AD (see the "configured writeable zone" lines in the startup log).
- include "/usr/local/samba/private/named.conf";
- #########################################/usr/local/samba/private PERMISSION#######################################
- [root@server private]# ls -al
- total 11668
- drwxr-xr-x 7 root root 4096 Jun 1 23:25 .
- drwxr-xr-x 11 root root 4096 Jun 1 19:47 ..
- drwxrwxr-x 3 named named 4096 Jun 1 19:47 dns
- -rw-r----- 1 named named 807 Jun 1 19:47 dns.keytab
- -rw-r--r-- 1 root root 2270 Jun 1 19:47 dns_update_list
- -rw------- 1 root root 1286144 Jun 1 19:47 hklm.ldb
- -rw------- 1 root root 1609728 Jun 1 21:09 idmap.ldb
- -rw-r--r-- 1 root root 490 Jun 1 22:25 krb5.conf
- -rw-r--r-- 1 root root 127 Jun 1 21:02 krb5.conf.backup
- srwxrwxrwx 1 root root 0 Jun 1 22:57 ldapi
- drwxr-x--- 2 root root 4096 Jun 1 22:57 ldap_priv
- -rw-r--r-- 1 named named 555 Jun 1 22:15 named.conf
- -rw-r--r-- 1 root root 555 Jun 1 22:13 named.conf.old
- -r--r--r-- 1 named named 234 Jun 1 20:01 named.conf.update
- -rw-r--r-- 1 named named 2212 Jun 1 19:47 named.txt
- -rw------- 1 root root 1286144 Jun 1 19:47 privilege.ldb
- -rw------- 1 root root 696 Jun 1 20:01 randseed.tdb
- -rw------- 1 root root 4251648 Jun 1 19:47 sam.ldb
- drwxr-x--- 2 root named 4096 Jun 1 19:47 sam.ldb.d
- -rw------- 1 root root 438272 Jun 1 22:57 schannel_store.tdb
- -rw------- 1 root root 1167 Jun 1 19:47 secrets.keytab
- -rw------- 1 root root 1286144 Jun 1 19:47 secrets.ldb
- -rw------- 1 root root 430080 Jun 1 22:57 secrets.tdb
- -rw------- 1 root root 1286144 Jun 1 19:47 share.ldb
- drwxr-xr-x 3 root root 4096 Jun 1 20:01 smbd.tmp
- -rw-r--r-- 1 root root 955 Jun 1 19:47 spn_update_list
- drwxr-xr-x 2 root root 4096 Jun 1 20:01 tls
- [root@server private]#
- ####################################################/etc/ntp.conf########################################################
- [root@server samba]# cat /etc/ntp.conf
- # Local undisciplined clock as a stratum-10 fallback when the pool servers are unreachable.
- server 127.127.1.0
- fudge 127.127.1.0 stratum 10
- server 0.pool.ntp.org iburst prefer
- server 1.pool.ntp.org iburst prefer
- driftfile /var/lib/ntp/ntp.drift
- logfile /var/log/ntp
- # Socket of Samba's ntp_signd service (enabled via "ntp_signd" in server services in
- # smb.conf above); ntpd must be able to connect to it to sign MS-SNTP replies for
- # domain members. Its permissions are not shown on this page.
- ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
- # Default policy for every client: no configuration changes, no traps, no peering.
- # NOTE(review): "mssntp" here enables signed MS-SNTP for all clients; each signed
- # reply is a blocking round-trip to ntp_signd, so the ntp documentation advises
- # limiting it to the AD client networks in their own restrict line
- # (e.g. "restrict 10.0.0.0 mask 255.0.0.0 kod nomodify notrap nopeer mssntp" —
- # constructed example, adjust to the real subnets). "noquery" is absent, so ntpq/ntpdc
- # status queries are answered from any source; adding it here and keeping the
- # unrestricted 127.0.0.1 line for local monitoring is the usual arrangement.
- restrict default kod nomodify notrap nopeer mssntp
- restrict 127.0.0.1
- # Hostnames in restrict lines are resolved once at startup, so these rules apply only
- # to the pool addresses picked at that time; later rotations fall under "restrict default".
- restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
- restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
- ##########################################/usr/local/samba/private/named.conf################################################
- [root@server private]# cat named.conf
- # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
- #
- # This file should be included in your main BIND configuration file
- #
- # For example with
- # include "/usr/local/samba/private/named.conf";
- #
- # This configures dynamically loadable zones (DLZ) from AD schema
- # Uncomment only single database line, depending on your BIND version
- #
- dlz "AD DNS Zone" {
- # For BIND 9.8.0
- # Exactly one database line may be active. The startup log on this page
- # ("Loading 'AD DNS Zone' using driver dlopen") shows this module loaded; swap the
- # active line for the 9.9 variant below when BIND is upgraded.
- database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
- # For BIND 9.9.0
- # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
- };
- #######################################/usr/local/samba/private/named.conf.update#################################################
- [root@server private]# cat named.conf.update
- /* this file is auto-generated - do not edit */
- update-policy {
- grant MTOLYMPUS.LOCAL ms-self * A AAAA;
- grant Administrator@MTOLYMPUS.LOCAL wildcard * A AAAA SRV CNAME;
- grant SERVER$@mtolympus.local wildcard * A AAAA SRV CNAME;
- };
- ################################/var/log/messages (WHEN STARTING NAMED)######################################################
- Jun 1 23:29:31 server named[6163]: BIND 9 is maintained by Internet Systems Consortium,
- Jun 1 23:29:31 server named[6163]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
- Jun 1 23:29:31 server named[6163]: corporation. Support and training for BIND 9 are
- Jun 1 23:29:31 server named[6163]: available at https://www.isc.org/support
- Jun 1 23:29:31 server named[6163]: ----------------------------------------------------
- Jun 1 23:29:31 server named[6163]: adjusted limit on open files from 4096 to 1048576
- Jun 1 23:29:31 server named[6163]: found 2 CPUs, using 2 worker threads
- Jun 1 23:29:31 server named[6163]: using up to 4096 sockets
- Jun 1 23:29:31 server named[6163]: using default UDP/IPv4 port range: [1024, 65535]
- Jun 1 23:29:31 server named[6163]: using default UDP/IPv6 port range: [1024, 65535]
- Jun 1 23:29:31 server named[6163]: no IPv6 interfaces found
- Jun 1 23:29:31 server named[6163]: listening on IPv4 interface lo, 127.0.0.1#53
- Jun 1 23:29:31 server named[6163]: listening on IPv4 interface eth0, XX.XX.XXX.XXX#53
- Jun 1 23:29:31 server named[6163]: listening on IPv4 interface eth0:1, XXX.XX.XXX.XXX#53
- Jun 1 23:29:31 server named[6163]: listening on IPv4 interface eth2, 10.0.0.1#53
- Jun 1 23:29:31 server named[6163]: listening on IPv4 interface eth2:1, 10.0.0.2#53
- Jun 1 23:29:31 server named[6163]: listening on IPv4 interface eth1, 172.20.2.254#53
- Jun 1 23:29:31 server named[6163]: generating session key for dynamic DNS
- Jun 1 23:29:31 server named[6163]: sizing zone task pool based on 16 zones
- Jun 1 23:29:31 server named[6163]: zone 'XXX.XX.XX.in-addr.arpa' allows updates by IP address, which is insecure
- Jun 1 23:29:31 server named[6163]: Loading 'AD DNS Zone' using driver dlopen
- Jun 1 23:29:31 server named[6163]: samba_dlz: started for DN DC=mtolympus,DC=local
- Jun 1 23:29:31 server named[6163]: samba_dlz: starting configure
- Jun 1 23:29:31 server named[6163]: samba_dlz: configured writeable zone 'mtolympus.local'
- Jun 1 23:29:31 server named[6163]: samba_dlz: configured writeable zone '_msdcs.mtolympus.local'
- Jun 1 23:29:31 server named[6163]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
- Jun 1 23:29:31 server named[6163]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 127.IN-ADDR.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 254.169.IN-ADDR.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: D.F.IP6.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 8.E.F.IP6.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 9.E.F.IP6.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: A.E.F.IP6.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: B.E.F.IP6.ARPA
- Jun 1 23:29:31 server named[6163]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
- Jun 1 23:29:31 server named[6163]: zone 'version.bind' allows updates by IP address, which is insecure
- Jun 1 23:29:31 server named[6163]: zone 'hostname.bind' allows updates by IP address, which is insecure
- Jun 1 23:29:31 server named[6163]: zone 'authors.bind' allows updates by IP address, which is insecure
- Jun 1 23:29:31 server named[6163]: zone 'id.server' allows updates by IP address, which is insecure
- Jun 1 23:29:31 server named[6163]: command channel listening on 127.0.0.1#953
- Jun 1 23:29:31 server named[6163]: zone 0.in-addr.arpa/IN: loaded serial 0
- ############################################/var/log/messages (starting samba.. shouldn't there be more here?)####################################
- Jun 1 23:32:10 server smbd[6208]: [2013/06/01 23:32:10.481398, 0] ../source3/smbd/server.c:1280(main)
- Jun 1 23:32:10 server smbd[6208]: standard input is not a socket, assuming -D option
- ##########################################RUNNING samba_dnsupdate --verbose#############################################################
- [root@server private]# samba_dnsupdate --verbose
- IPs: ['10.0.0.1']
- Looking for DNS entry A mtolympus.local 10.0.0.1 as mtolympus.local.
- Looking for DNS entry A server.mtolympus.local 10.0.0.1 as server.mtolympus.local.
- Looking for DNS entry A gc._msdcs.mtolympus.local 10.0.0.1 as gc._msdcs.mtolympus.local.
- Looking for DNS entry CNAME 227223e0-245c-496d-8b16-b4796c8777f7._msdcs.mtolympus.local server.mtolympus.local as 227223e0-245c-496d-8b16-b4796c8777f7._msdcs.mtolympus.local.
- Looking for DNS entry SRV _kpasswd._tcp.mtolympus.local server.mtolympus.local 464 as _kpasswd._tcp.mtolympus.local.
- Checking 0 100 464 server.mtolympus.local. against SRV _kpasswd._tcp.mtolympus.local server.mtolympus.local 464
- Looking for DNS entry SRV _kpasswd._udp.mtolympus.local server.mtolympus.local 464 as _kpasswd._udp.mtolympus.local.
- Checking 0 100 464 server.mtolympus.local. against SRV _kpasswd._udp.mtolympus.local server.mtolympus.local 464
- Looking for DNS entry SRV _kerberos._tcp.mtolympus.local server.mtolympus.local 88 as _kerberos._tcp.mtolympus.local.
- Checking 0 100 88 server.mtolympus.local. against SRV _kerberos._tcp.mtolympus.local server.mtolympus.local 88
- Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.mtolympus.local server.mtolympus.local 88 as _kerberos._tcp.dc._msdcs.mtolympus.local.
- Checking 0 100 88 server.mtolympus.local. against SRV _kerberos._tcp.dc._msdcs.mtolympus.local server.mtolympus.local 88
- Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.mtolympus.local server.mtolympus.local 88 as _kerberos._tcp.default-first-site-name._sites.mtolympus.local.
- Checking 0 100 88 server.mtolympus.local. against SRV _kerberos._tcp.default-first-site-name._sites.mtolympus.local server.mtolympus.local 88
- Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.mtolympus.local server.mtolympus.local 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.mtolympus.local.
- Checking 0 100 88 server.mtolympus.local. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.mtolympus.local server.mtolympus.local 88
- Looking for DNS entry SRV _kerberos._udp.mtolympus.local server.mtolympus.local 88 as _kerberos._udp.mtolympus.local.
- Checking 0 100 88 server.mtolympus.local. against SRV _kerberos._udp.mtolympus.local server.mtolympus.local 88
- Looking for DNS entry SRV _ldap._tcp.mtolympus.local server.mtolympus.local 389 as _ldap._tcp.mtolympus.local.
- Checking 0 100 389 server.mtolympus.local. against SRV _ldap._tcp.mtolympus.local server.mtolympus.local 389
- Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mtolympus.local server.mtolympus.local 389 as _ldap._tcp.dc._msdcs.mtolympus.local.
- Checking 0 100 389 server.mtolympus.local. against SRV _ldap._tcp.dc._msdcs.mtolympus.local server.mtolympus.local 389
- Looking for DNS entry SRV _ldap._tcp.gc._msdcs.mtolympus.local server.mtolympus.local 3268 as _ldap._tcp.gc._msdcs.mtolympus.local.
- Checking 0 100 3268 server.mtolympus.local. against SRV _ldap._tcp.gc._msdcs.mtolympus.local server.mtolympus.local 3268
- Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.mtolympus.local server.mtolympus.local 389 as _ldap._tcp.pdc._msdcs.mtolympus.local.
- Checking 0 100 389 server.mtolympus.local. against SRV _ldap._tcp.pdc._msdcs.mtolympus.local server.mtolympus.local 389
- Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.mtolympus.local server.mtolympus.local 389 as _ldap._tcp.default-first-site-name._sites.mtolympus.local.
- Checking 0 100 389 server.mtolympus.local. against SRV _ldap._tcp.default-first-site-name._sites.mtolympus.local server.mtolympus.local 389
- Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.mtolympus.local server.mtolympus.local 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.mtolympus.local.
- Checking 0 100 389 server.mtolympus.local. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.mtolympus.local server.mtolympus.local 389
- Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.mtolympus.local server.mtolympus.local 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.mtolympus.local.
- Checking 0 100 3268 server.mtolympus.local. against SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.mtolympus.local server.mtolympus.local 3268
- Looking for DNS entry SRV _ldap._tcp.96f62427-f474-4cbf-b4d1-ce025a2ea27a.domains._msdcs.mtolympus.local server.mtolympus.local 389 as _ldap._tcp.96f62427-f474-4cbf-b4d1-ce025a2ea27a.domains._msdcs.mtolympus.local.
- Checking 0 100 389 server.mtolympus.local. against SRV _ldap._tcp.96f62427-f474-4cbf-b4d1-ce025a2ea27a.domains._msdcs.mtolympus.local server.mtolympus.local 389
- Looking for DNS entry SRV _gc._tcp.mtolympus.local server.mtolympus.local 3268 as _gc._tcp.mtolympus.local.
- Checking 0 100 3268 server.mtolympus.local. against SRV _gc._tcp.mtolympus.local server.mtolympus.local 3268
- Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.mtolympus.local server.mtolympus.local 3268 as _gc._tcp.default-first-site-name._sites.mtolympus.local.
- Checking 0 100 3268 server.mtolympus.local. against SRV _gc._tcp.default-first-site-name._sites.mtolympus.local server.mtolympus.local 3268
- No DNS updates needed
- #############################################################/etc/resolv.conf##################################################################
- [root@server private]# cat /etc/resolv.conf
- # NOTE(review): glibc treats "domain" and "search" as mutually exclusive and keeps
- # only the last one it sees, so the effective setting of this file is just
- # "domain mtolympus.local" — MYEXTERNALDOMAIN.NET is never in the search list.
- # A single "search mtolympus.local MYEXTERNALDOMAIN.NET" line expresses the intent.
- # Also note the spelling differs between the two lines (MYEXTERNALDOMAN vs MYEXTERNALDOMAIN).
- search MYEXTERNALDOMAN.NET
- search mtolympus.local
- domain MYEXTERNALDOMAIN.NET
- domain mtolympus.local
- # The DC uses itself (10.0.0.1 on eth2, per the named startup log) as its only resolver.
- nameserver 10.0.0.1
- #############################################################/etc/hosts#####################################################################
- [root@server private]# cat /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 127.0.0.1 autoreply autoreply.MYEXTERNALDOMAIN.NET
- # NOTE(review): spelling differs from the line above (MYEXTERNALDOMAN vs MYEXTERNALDOMAIN).
- 127.0.0.1 mail mail.MYEXTERNALDOMAN.NET
- # NOTE(review): the DC's own FQDN resolves to loopback here, while samba_dnsupdate
- # (output below) registers 10.0.0.1 for the same name. Local lookups of
- # SERVER.MTOLYMPUS.LOCAL through /etc/hosts therefore disagree with DNS; mapping the
- # name to 10.0.0.1 removes the mismatch — confirm nothing depends on the loopback entry.
- 127.0.0.1 SERVER.MTOLYMPUS.LOCAL SERVER
- [root@server private]#
- ################################################/usr/local/samba/bin/smbclient -L localhost -U%###############################################
- [root@server private]# /usr/local/samba/bin/smbclient -L localhost -U%
- Domain=[MTOLYMPUS] OS=[Unix] Server=[Samba 4.0.6]
- Sharename Type Comment
- --------- ---- -------
- netlogon Disk
- sysvol Disk
- IPC$ IPC IPC Service (Samba 4.0.6)
- Domain=[MTOLYMPUS] OS=[Unix] Server=[Samba 4.0.6]
- Server Comment
- --------- -------
- Workgroup Master
- --------- -------
- [root@server private]#
- ##########################################smbclient //localhost/netlogon -UAdministrator%'MYPASSWORD' -c 'ls'#####################################
- [root@server private]# smbclient //localhost/netlogon -UAdministrator%'MYPASSWORD' -c 'ls'
- Domain=[MTOLYMPUS] OS=[Unix] Server=[Samba 4.0.6]
- . D 0 Sat Jun 1 19:47:08 2013
- .. D 0 Sat Jun 1 19:47:17 2013
- 50396 blocks of size 1048576. 42259 blocks available
- [root@server private]#
- ####################################################host -t SRV _ldap._tcp.MTOLYMPUS.LOCAL##############################################
- [root@server private]# host -t SRV _ldap._tcp.MTOLYMPUS.LOCAL
- _ldap._tcp.MTOLYMPUS.LOCAL has SRV record 0 100 389 server.mtolympus.local.
- [root@server private]#
- #########################################################kinit administrator@MYDOMAIN.LOCAL###########################################
- [root@server private]# kinit administrator@MTOLYMPUS.LOCAL
- Password for administrator@MTOLYMPUS.LOCAL:
- Warning: Your password will expire in 41 days on Sat Jul 13 19:47:14 2013
- [root@server private]#
- ######################################################################klist#########################################################
- [root@server private]# klist
- Ticket cache: FILE:/tmp/krb5cc_0
- Default principal: administrator@MTOLYMPUS.LOCAL
- Valid starting Expires Service principal
- 06/01/13 23:39:32 06/02/13 09:39:32 krbtgt/MTOLYMPUS.LOCAL@MTOLYMPUS.LOCAL
- renew until 06/02/13 23:39:27
- [root@server private]#