shashchatter

samba-ad-dc-setup-and-files

Jul 31st, 2016
/etc/krb5.conf:
[logging]
default = SYSLOG:INFO

[libdefaults]
default_realm = HOME.THECHATTERJEES.NET
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
HOME.THECHATTERJEES.NET = {
kdc = chattersrv.home.thechatterjees.net
admin_server = chattersrv.home.thechatterjees.net
master_kdc = chattersrv.home.thechatterjees.net
default_domain = home.thechatterjees.net
}

[domain_realm]
.home.thechatterjees.net = HOME.THECHATTERJEES.NET
home.thechatterjees.net = HOME.THECHATTERJEES.NET

chatterjees@chattersrv:~$ sudo krb5_newrealm

chatterjees@chattersrv:~$ sudo kadmin.local -q "addprinc admin/admin"
chatterjees@chattersrv:~$ sudo kadmin.local -q "addprinc administrator"

chatterjees@chattersrv:~$ sudo kadmin.local -q "list_principals"
Authenticating as principal root/admin@HOME.THECHATTERJEES.NET with password.
K/M@HOME.THECHATTERJEES.NET
admin/admin@HOME.THECHATTERJEES.NET
administrator@HOME.THECHATTERJEES.NET
kadmin/admin@HOME.THECHATTERJEES.NET
kadmin/changepw@HOME.THECHATTERJEES.NET
kadmin/chattersrv.home.thechatterjees.net@HOME.THECHATTERJEES.NET
kiprop/chattersrv.home.thechatterjees.net@HOME.THECHATTERJEES.NET
krbtgt/HOME.THECHATTERJEES.NET@HOME.THECHATTERJEES.NET

chatterjees@chattersrv:~$ sudo kinit administrator@HOME.THECHATTERJEES.NET
Password for administrator@HOME.THECHATTERJEES.NET:

chatterjees@chattersrv:~$ sudo klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@HOME.THECHATTERJEES.NET

Valid starting       Expires              Service principal
07/31/2016 19:33:47  08/01/2016 05:33:47  krbtgt/HOME.THECHATTERJEES.NET@HOME.THECHATTERJEES.NET
        renew until 08/07/2016 19:33:44

chatterjees@chattersrv:~$ sudo samba-tool domain provision --option="interfaces=lo enp2s0" --option="bind interfaces only=yes" --use-rfc2307 --interactive
Realm [HOME.THECHATTERJEES.NET]:
Domain [HOME]: CHATTERDOMAIN
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.11]: 192.168.1.1
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=home,DC=thechatterjees,DC=net
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=home,DC=thechatterjees,DC=net
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: chattersrv
NetBIOS Domain: CHATTERDOMAIN
DNS Domain: home.thechatterjees.net
DOMAIN SID: S-1-5-21-148286683-2101334516-1739462661

/etc/samba/smb.conf:
# Global parameters
[global]
workgroup = CHATTERDOMAIN
realm = HOME.THECHATTERJEES.NET
netbios name = CHATTERSRV
interfaces = lo enp2s0
bind interfaces only = Yes
server role = active directory domain controller
dns forwarder = 192.168.1.1
idmap_ldb:use rfc2307 = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/sysvol/home.thechatterjees.net/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No
path = /var/lib/samba/locks/sysvol/home.thechatterjees.net/scripts

[printers]
comment = All Printers
browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
read only = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

[raidhome]
comment = Home Directories on RAID server
path = /raidhome/users
browseable = yes
force group = users
create mask = 0664
directory mask = 0775

[media]
comment = The Chatterjees' Media Files
path = /raidhome/_data/media
browseable = yes
force group = users
create mask = 0664
directory mask = 0775
read only = No
writable = yes

[programs]
comment = The Chatterjees' Programs
path = /raidhome/_data/programs
browseable = yes
force group = users
create mask = 0664
directory mask = 0775
read only = No
writable = yes

chatterjees@chattersrv:~$ sudo /etc/init.d/samba restart
[ ok ] Restarting nmbd (via systemctl): nmbd.service.
[ ok ] Restarting smbd (via systemctl): smbd.service.
[ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service.
chatterjees@chattersrv:~$ sudo /etc/init.d/winbind restart

chatterjees@chattersrv:~$ host -t SRV _ldap._tcp.home.thechatterjees.net
_ldap._tcp.home.thechatterjees.net has SRV record 0 100 389 chattersrv.home.thechatterjees.net.

chatterjees@chattersrv:~$ host -t SRV _kerberos._udp.home.thechatterjees.net
_kerberos._udp.home.thechatterjees.net has SRV record 0 100 88 chattersrv.home.thechatterjees.net.

chatterjees@chattersrv:~$ host -t A chattersrv.home.thechatterjees.net
chattersrv.home.thechatterjees.net has address 192.168.1.11

chatterjees@chattersrv:~$ smbclient -L localhost -U Administrator
[sudo] password for chatterjees:
Enter administrator's password:
Domain=[CHATTERDOMAIN] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]

Sharename       Type      Comment
---------       ----      -------
netlogon        Disk      Network Logon Service
sysvol          Disk
print$          Disk      Printer Drivers
raidhome        Disk      Home Directories on RAID server
media           Disk      The Chatterjees' Media Files
programs        Disk      The Chatterjees' Programs
IPC$            IPC       IPC Service (Samba 4.3.9-Ubuntu)
ML-2510-Series  Printer   Samsung ML-2510 Series
Domain=[CHATTERDOMAIN] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]

Server          Comment
---------       -------

Workgroup       Master
---------       -------
WORKGROUP       MUNIPI