Introduction

Starting from version 4.0, Samba is able to run as an Active Directory (AD) domain controller (DC). If you are installing Samba in a production environment, it is recommended to run two or more DCs for failover reasons.

This documentation describes how to set up Samba as the first DC to build a new AD forest. Additionally, use this documentation if you are migrating a Samba NT4 domain to Samba AD. To join Samba as an additional DC to an existing AD forest, see.

Samba as an AD DC only supports:
• the integrated LDAP server as AD back end. For details, see the frequently asked question (FAQ)
• the and Kerberos Key Distribution Center (KDC). Samba uses the MIT KDC provided by your operating system if you run Samba 4.7 or later and it has been built using the --with-system-mitkrb5 option. In other cases Samba uses the Heimdal KDC included in Samba. For further details about Samba using the MIT KDC, see.

Preparing the Installation

• Select a host name for your AD DC. Do not use NT4-only terms as host name, such as PDC or BDC. These modes do not exist in an AD and cause confusion.
• Select a DNS domain for your AD forest. The name will also be used as the AD Kerberos realm. Make sure that you provision the AD using a DNS domain that will not need to be changed. Samba does not support renaming the AD DNS zone and Kerberos realm. For additional information, see.
• Use a static IP address on the DC.
• Disable tools, such as resolvconf, that automatically update your /etc/resolv.conf DNS resolver configuration file. AD DCs and domain members must use a DNS server that is able to resolve the AD DNS zones.
• Verify that no Samba processes are running:

    # ps ax | egrep 'samba|smbd|nmbd|winbindd'

  If the output lists any samba, smbd, nmbd, or winbindd processes, shut down the processes.
• Verify that the /etc/hosts file on the DC correctly resolves the fully-qualified domain name (FQDN) and short host name to the LAN IP address of the DC. For example:

    127.0.0.1     localhost localhost.localdomain
    10.99.0.1     DC1.samdom.example.com     DC1

  The host name and FQDN must not resolve to the 127.0.0.1 IP address or any other IP address than the one used on the LAN interface of the DC.
• If you previously ran a Samba installation on this host:
  • Remove the existing smb.conf file. To list the path to the file:

      # smbd -b | grep 'CONFIGFILE'
      CONFIGFILE: /usr/local/samba/etc/samba/smb.conf

  • Remove all Samba database files, such as *.tdb and *.ldb files. To list the folders containing Samba databases:

      # smbd -b | egrep 'LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR'
      LOCKDIR: /usr/local/samba/var/lock/
      STATEDIR: /usr/local/samba/var/locks/
      CACHEDIR: /usr/local/samba/var/cache/
      PRIVATE_DIR: /usr/local/samba/private/

  Starting with a clean environment helps to prevent confusion and ensures that no files from any previous Samba installation will be mixed with your new domain DC installation.
• Remove an existing /etc/krb5.conf file:

    # rm /etc/krb5.conf

Installing Samba

Install a maintained Samba version. For details, see.
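The host-name and /etc/hosts requirements from the preparation steps can be checked mechanically before provisioning. The script below is an added example, not part of the Samba documentation; the function names `check_dc_hostname` and `check_hosts_file` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the preparation steps.
# Function names and sample data are constructed, not Samba tooling.

# Reject NT4-only role names as the DC host name (case-insensitive).
check_dc_hostname() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        PDC|BDC) echo "host name '$1' is an NT4-only term"; return 1 ;;
    esac
    return 0
}

# check_hosts_file FILE FQDN SHORT LAN_IP
# Every entry in FILE that names FQDN or SHORT must carry LAN_IP, and both
# names must be present. Prints one line per problem, returns 1 on any problem.
check_hosts_file() {
    awk -v fqdn="$2" -v short="$3" -v ip="$4" '
        BEGIN { f = tolower(fqdn); s = tolower(short); bad = 0 }
        {
            sub(/#.*/, "")                      # drop comments
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n != f && n != s) continue
                seen[n] = 1
                if ($1 != ip) {                 # loopback or any other address
                    printf "%s -> %s (expected %s)\n", $i, $1, ip
                    bad = 1
                }
            }
        }
        END {
            if (!(f in seen)) { print fqdn " has no entry"; bad = 1 }
            if (!(s in seen)) { print short " has no entry"; bad = 1 }
            exit bad
        }' "$1"
}

# Constructed sample input: the DC names wrongly placed on the loopback line.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost DC1.samdom.example.com DC1' > "$sample"
check_dc_hostname DC1
check_hosts_file "$sample" DC1.samdom.example.com DC1 10.99.0.1 \
    || echo "fix /etc/hosts before provisioning"
rm -f "$sample"
```

On a real host, pass /etc/hosts, the DC's FQDN, its short name and its LAN IP address as the four arguments.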
Provisioning a Samba Active Directory

The Samba AD provisioning process creates the AD databases and adds initial records, such as the domain administrator account and required DNS entries.

If you are migrating a Samba NT4 domain to AD, skip this step and run the Samba classic upgrade. For details, see.

The AD provisioning requires root permissions to create files and set permissions.

The samba-tool domain provision command provides several parameters to use with the interactive and non-interactive setup. For details, see:

    # samba-tool domain provision --help

When provisioning a new AD, it is recommended to enable the NIS extensions by passing the --use-rfc2307 parameter to the samba-tool domain provision command. This enables you to store Unix attributes in AD, such as user IDs (UID), home directory paths, and group IDs (GID). Enabling the NIS extensions has no disadvantages. However, enabling them in an existing domain requires manually extending the AD schema. For further details about Unix attributes in AD, see:

Parameter Explanation

Set the following parameters during the provisioning:

| Interactive Mode Setting | Non-interactive Mode Parameter | Explanation |
|---|---|---|
| --use-rfc2307 | --use-rfc2307 | Enables the NIS extensions. |
| Realm | --realm | Kerberos realm. This is also used as the AD DNS domain. For example: samdom.example.com. |
| Domain | --domain | NetBIOS domain name. It is recommended to use the first part of the AD DNS domain. For example: samdom. |
| Server Role | --server-role | Installs the domain controller DC role. |
| DNS backend | --dns-backend | Sets the DNS back end. The first DC in an AD must be installed using a DNS back end. Note that the BIND9_FLATFILE is not supported and will be removed in a future Samba version. |
| DNS forwarder IP address | not available | This setting is only available when using the SAMBA_INTERNAL DNS back end. For details, see. |
| Administrator password | --adminpass | Sets the domain administrator password. If the password does not match the complexity requirements, the provisioning fails. For details, see. |

Other parameters frequently used with the samba-tool domain provision command:

• --option='interfaces=lo eth0' --option='bind interfaces only=yes': If your server has multiple network interfaces, use these options to bind Samba to the specified interfaces. This enables the samba-tool command to register the correct LAN IP address in the directory during the join.

Do NOT use NONE as the DNS backend, it is not supported and will be removed in a future Samba version.

If using Bind as the DNS backend, do NOT use BIND9_FLATFILE, it is not supported and will be removed in a future Samba version.

Once you have provisioned the first DC in an AD domain, do not provision any further DCs in the same domain, any further DCs.
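The non-interactive parameters from the table can be assembled and checked against the DNS back end warnings before anything is run. This is an added example, not taken from the Samba documentation; `provision_args` is a hypothetical helper, and the values `dc`, `SAMBA_INTERNAL` and `BIND9_DLZ` as well as the 15-character NetBIOS name limit are supplied here rather than stated on this page.

```shell
#!/bin/sh
# Added example: build the non-interactive provisioning command line for the
# first DC. provision_args is a hypothetical helper, not a Samba command.

# provision_args REALM DNS_BACKEND
# Prints the samba-tool command line, or an error on stderr and returns 1.
provision_args() {
    realm=$1
    backend=$2
    case "$backend" in
        SAMBA_INTERNAL|BIND9_DLZ) ;;
        NONE|BIND9_FLATFILE)
            echo "unsupported DNS back end: $backend" >&2; return 1 ;;
        *)  echo "unknown DNS back end: $backend" >&2; return 1 ;;
    esac
    case "$realm" in
        *.*) ;;
        *)  echo "realm must be a DNS domain, got: $realm" >&2; return 1 ;;
    esac
    # Recommended NetBIOS domain name: first part of the AD DNS domain.
    domain=${realm%%.*}
    if [ "${#domain}" -gt 15 ]; then
        echo "NetBIOS domain name longer than 15 characters: $domain" >&2
        return 1
    fi
    # --adminpass is deliberately not assembled here: a password given on
    # the command line is visible in the process list and shell history.
    printf 'samba-tool domain provision --use-rfc2307 --realm=%s --domain=%s --server-role=dc --dns-backend=%s\n' \
        "$realm" "$domain" "$backend"
}

# Constructed sample values, matching the examples in the parameter table.
provision_args samdom.example.com SAMBA_INTERNAL
provision_args samdom.example.com BIND9_FLATFILE || echo "rejected as expected"
```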