- /etc/krb5.conf:
- [logging]
- default = SYSLOG:INFO
- [libdefaults]
- default_realm = HOME.THECHATTERJEES.NET
- dns_lookup_realm = false
- dns_lookup_kdc = true
- ticket_lifetime = 24h
- renew_lifetime = 7d
- forwardable = true
- [realms]
- HOME.THECHATTERJEES.NET= {
- kdc = chattersrv.home.thechatterjees.net
- admin_server = chattersrv.home.thechatterjees.net
- master_kdc = chattersrv.home.thechatterjees.net
- default_domain = home.thechatterjees.net
- }
- [domain_realm]
- .home.thechatterjees.net = HOME.THECHATTERJEES.NET
- home.thechatterjees.net = HOME.THECHATTERJEES.NET
- chatterjees@chattersrv:~$ sudo krb5_newrealm
- chatterjees@chattersrv:~$ sudo kadmin.local -q "addprinc admin/admin"
- chatterjees@chattersrv:~$ sudo kadmin.local -q "addprinc administrator"
- chatterjees@chattersrv:~$ sudo kadmin.local -q "list_principals"
- Authenticating as principal root/admin@HOME.THECHATTERJEES.NET with password.
- K/M@HOME.THECHATTERJEES.NET
- admin/admin@HOME.THECHATTERJEES.NET
- administrator@HOME.THECHATTERJEES.NET
- kadmin/admin@HOME.THECHATTERJEES.NET
- kadmin/changepw@HOME.THECHATTERJEES.NET
- kadmin/chattersrv.home.thechatterjees.net@HOME.THECHATTERJEES.NET
- kiprop/chattersrv.home.thechatterjees.net@HOME.THECHATTERJEES.NET
- krbtgt/HOME.THECHATTERJEES.NET@HOME.THECHATTERJEES.NET
- chatterjees@chattersrv:~$ sudo kinit administrator@HOME.THECHATTERJEES.NET
- Password for administrator@HOME.THECHATTERJEES.NET:
- chatterjees@chattersrv:~$ sudo klist
- Ticket cache: FILE:/tmp/krb5cc_0
- Default principal: administrator@HOME.THECHATTERJEES.NET
- Valid starting Expires Service principal
- 07/31/2016 19:33:47 08/01/2016 05:33:47 krbtgt/HOME.THECHATTERJEES.NET@HOME.THECHATTERJEES.NET
- renew until 08/07/2016 19:33:44
- chatterjees@chattersrv:~$ sudo samba-tool domain provision --option="interfaces=lo enp2s0" --option="bind interfaces only=yes" --use-rfc2307 --interactive
- Realm [HOME.THECHATTERJEES.NET]:
- Domain [HOME]: CHATTERDOMAIN
- Server Role (dc, member, standalone) [dc]:
- DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
- DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.11]: 192.168.1.1
- Administrator password:
- Retype password:
- Looking up IPv4 addresses
- Looking up IPv6 addresses
- No IPv6 address will be assigned
- Setting up share.ldb
- Setting up secrets.ldb
- Setting up the registry
- Setting up the privileges database
- Setting up idmap db
- Setting up SAM db
- Setting up sam.ldb partitions and settings
- Setting up sam.ldb rootDSE
- Pre-loading the Samba 4 and AD schema
- Adding DomainDN: DC=home,DC=thechatterjees,DC=net
- Adding configuration container
- Setting up sam.ldb schema
- Setting up sam.ldb configuration data
- Setting up display specifiers
- Modifying display specifiers
- Adding users container
- Modifying users container
- Adding computers container
- Modifying computers container
- Setting up sam.ldb data
- Setting up well known security principals
- Setting up sam.ldb users and groups
- Setting up self join
- Adding DNS accounts
- Creating CN=MicrosoftDNS,CN=System,DC=home,DC=thechatterjees,DC=net
- Creating DomainDnsZones and ForestDnsZones partitions
- Populating DomainDnsZones and ForestDnsZones partitions
- Setting up sam.ldb rootDSE marking as synchronized
- Fixing provision GUIDs
- A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
- Setting up fake yp server settings
- Once the above files are installed, your Samba4 server will be ready to use
- Server Role: active directory domain controller
- Hostname: chattersrv
- NetBIOS Domain: CHATTERDOMAIN
- DNS Domain: home.thechatterjees.net
- DOMAIN SID: S-1-5-21-148286683-2101334516-1739462661
- /etc/samba/smb.conf:
- # Global parameters
- [global]
- workgroup = CHATTERDOMAIN
- realm = HOME.THECHATTERJEES.NET
- netbios name = CHATTERSRV
- interfaces = lo enp2s0
- bind interfaces only = Yes
- server role = active directory domain controller
- dns forwarder = 192.168.1.1
- idmap_ldb:use rfc2307 = yes
- [netlogon]
- comment = Network Logon Service
- path = /var/lib/samba/sysvol/home.thechatterjees.net/scripts
- read only = No
- [sysvol]
- path = /var/lib/samba/sysvol
- read only = No
- path = /var/lib/samba/locks/sysvol/home.thechatterjees.net/scripts
- [printers]
- comment = All Printers
- browseable = yes
- path = /var/spool/samba
- printable = yes
- guest ok = yes
- read only = yes
- create mask = 0700
- # Windows clients look for this share name as a source of downloadable
- # printer drivers
- [print$]
- comment = Printer Drivers
- path = /var/lib/samba/printers
- browseable = yes
- read only = yes
- guest ok = no
- [raidhome]
- comment = Home Directories on RAID server
- path = /raidhome/users
- browseable = yes
- force group = users
- create mask = 0664
- directory mask = 0775
- [media]
- comment = The Chatterjees' Media Files
- path = /raidhome/_data/media
- browseable = yes
- force group = users
- create mask = 0664
- directory mask = 0775
- read only = No
- writable = yes
- [programs]
- comment = The Chatterjees' Programs
- path = /raidhome/_data/programs
- browseable = yes
- force group = users
- create mask = 0664
- directory mask = 0775
- read only = No
- writable = yes
- chatterjees@chattersrv:~$ sudo /etc/init.d/samba restart
- [ ok ] Restarting nmbd (via systemctl): nmbd.service.
- [ ok ] Restarting smbd (via systemctl): smbd.service.
- [ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service.
- chatterjees@chattersrv:~$ sudo /etc/init.d/winbind restart
- chatterjees@chattersrv:~$ host -t SRV _ldap._tcp.home.thechatterjees.net
- _ldap._tcp.home.thechatterjees.net has SRV record 0 100 389 chattersrv.home.thechatterjees.net.
- chatterjees@chattersrv:~$ host -t SRV _kerberos._udp.home.thechatterjees.net
- _kerberos._udp.home.thechatterjees.net has SRV record 0 100 88 chattersrv.home.thechatterjees.net.
- chatterjees@chattersrv:~$ host -t A chattersrv.home.thechatterjees.net
- chattersrv.home.thechatterjees.net has address 192.168.1.11
- chatterjees@chattersrv:~$ smbclient -L localhost -U Administrator
- [sudo] password for chatterjees:
- Enter administrator's password:
- Domain=[CHATTERDOMAIN] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]
- Sharename Type Comment
- --------- ---- -------
- netlogon Disk Network Logon Service
- sysvol Disk
- print$ Disk Printer Drivers
- raidhome Disk Home Directories on RAID server
- media Disk The Chatterjees' Media Files
- programs Disk The Chatterjees' Programs
- IPC$ IPC IPC Service (Samba 4.3.9-Ubuntu)
- ML-2510-Series Printer Samsung ML-2510 Series
- Domain=[CHATTERDOMAIN] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]
- Server Comment
- --------- -------
- Workgroup Master
- --------- -------
- WORKGROUP MUNIPI