Howto Add a Samba4 Domain Controller: Difference between revisions
→Adding Users: better explanation |
No edit summary |
||
| (37 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }} |
|||
== DNS Records == |
|||
| ⚫ | |||
| ⚫ | |||
* Set a NS record for ad.pumpingstationone.org to auth.pumpingstationone.org |
|||
* Follow the Arch provision guide |
|||
| ⚫ | |||
* Add role: dc to the salt minion config. |
|||
echo "auth.pumpingstationone.org" > /etc/hostname |
|||
add 66.228.35.181 auth.ad.arbitrarion.com auth to beginning of /etc/hosts |
|||
Create a file called /etc/salt/minion.d/dc.conf |
|||
== Samba == |
|||
<pre> |
|||
There is no stable, working version of Samba 4 shipping with ubuntu. You have to download it from source for now. As of writing, version 4.0.5 works |
|||
grains: |
|||
roles: |
|||
- dc |
|||
</pre> |
|||
== Joining As a Domain Controller == |
|||
git clone -b v4-0-stable git://git.samba.org/samba.git samba |
|||
./configure |
|||
make |
|||
make install |
|||
samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef |
|||
=== Provisioning === |
|||
=== Checking and Fixing DNS === |
|||
DNS doesn't always register correctly. |
|||
/usr/local/samba/bin/samba-tool domain provision --realm=ad.pumpingstationone.org --domain=PS1 --server-role=dc |
|||
check it: |
|||
Make a note of the admin password. You may need it later. |
|||
| ⚫ | |||
=== Kerberos === |
|||
If nothing comes back, re add it by hand. |
|||
apt-get install kerberos |
|||
samba-tool dns add bob ad.pumpingstationone.org dc01 A 10.100.0.112 |
|||
/etc/krb5.conf |
|||
[libdefaults] |
|||
At this point you need the guid for the new server. The [https://wiki.samba.org/index.php/Join_a_domain_as_a_DC Samba Guide] References the ldbsearch commmand. I couldn't get it to work, so I grabbed the objectGuid field from CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in ldap. |
|||
default_realm = AD.ARBITRARION.COM |
|||
dns_lookup_realm = false |
|||
host -t CNAME af4c9efd-56f6-4160-8335-cf8e5a5ada8f._msdcs.ad.pumpingstationone.org |
|||
dns_lookup_kdc = true |
|||
If it's missing add it: |
|||
samba-tool dns add bob _msdcs.ad.pumpingstationone.org af4c9efd-56f6-4160-8335-cf8e5a5ada8f CNAME dc01.ad.pumpingstationone.org |
|||
== Joining As a Domain Member == |
|||
net ads join -U hef |
|||
The samba-tool domain join command does not get winbindd working correctly. The <code>net</code> command is required. |
|||
| ⚫ | |||
Regular users need to get there account through https://members.pumpingstationone.org. |
|||
service and test accounts can be created with the following procedire |
|||
| ⚫ | |||
To create the user "hef" and set the user password, use the following command: |
To create the user "hef" and set the user password, use the following command: |
||
samba-tool user add hef |
|||
To add the user "hef" to the "Domain Admins" group, use the following command: |
To add the user "hef" to the "Domain Admins" group, use the following command: |
||
samba-tool group addmembers "Domain Admins" hef |
|||
[[Category:IT Equipment]] |
|||
Latest revision as of 14:02, 1 November 2018
{{
{{#switch:
{{#if:
|
| {{#if:
|
{{#ifeq:|
| talk
|
}}
|
{{#ifeq:|talk
| talk
|
}}
}}
}}
| main | = ambox | talk = tmbox | user = ombox | project = ombox | file | image = imbox | mediawiki = ombox | template = ombox | help = ombox | category = cmbox | book = ombox | extension = ombox | other | #default = ombox
}} | type = warning | image = | imageright = | class = | style = | textstyle = | text = This information is out of date. Up-to-date IT information can be found here | small = | smallimage = | smallimageright = | smalltext = | subst = | date = | name = }}
Setup
- Follow the Arch provision guide
- Add role: dc to the salt minion config.
Create a file called /etc/salt/minion.d/dc.conf
grains:
roles:
- dc
Joining As a Domain Controller
samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef
Checking and Fixing DNS
DNS doesn't always register correctly.
check it:
host -t dc01.ad.pumpingstationone.org.
If nothing comes back, re add it by hand.
samba-tool dns add bob ad.pumpingstationone.org dc01 A 10.100.0.112
At this point you need the guid for the new server. The Samba Guide References the ldbsearch commmand. I couldn't get it to work, so I grabbed the objectGuid field from CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in ldap.
host -t CNAME af4c9efd-56f6-4160-8335-cf8e5a5ada8f._msdcs.ad.pumpingstationone.org
If it's missing add it:
samba-tool dns add bob _msdcs.ad.pumpingstationone.org af4c9efd-56f6-4160-8335-cf8e5a5ada8f CNAME dc01.ad.pumpingstationone.org
Joining As a Domain Member
net ads join -U hef
The samba-tool domain join command does not get winbindd working correctly. The net command is required.
Adding Users
Regular users need to get there account through https://members.pumpingstationone.org.
service and test accounts can be created with the following procedire
To create the user "hef" and set the user password, use the following command:
samba-tool user add hef
To add the user "hef" to the "Domain Admins" group, use the following command:
samba-tool group addmembers "Domain Admins" hef
