Installationsanleitung: Difference between revisions
From MeinWiki
(→Ubuntu 14.04 Installation / Samba4) | (→Ubuntu 14.04 Installation / Samba4)
(34 intermediate revisions by the same user not shown)
Zeile 18: | Zeile 18: | ||
*aptitude install make | *aptitude install make | ||
*Install vmwaretool | *Install vmwaretool | ||
+ | == Ubuntu == | ||
=== Ubuntu 14.04 Installation / Samba4 === | === Ubuntu 14.04 Installation / Samba4 === | ||
*Ubuntu 14.04 Server Standard durchführen (OpenSSH Server auswählen). | *Ubuntu 14.04 Server Standard durchführen (OpenSSH Server auswählen). | ||
Zeile 30: | Zeile 31: | ||
gateway 172.16.41.2 | gateway 172.16.41.2 | ||
dns-nameservers 172.16.41.200 8.8.8.8 | dns-nameservers 172.16.41.200 8.8.8.8 | ||
− | dbs-serach | + | dbs-serach corp.net |
*Hostnamen setzen (/etc/hosts). | *Hostnamen setzen (/etc/hosts). | ||
172.16.41.200 selb-main1.corp.net | 172.16.41.200 selb-main1.corp.net | ||
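Review bot: the changed line still misspells the keyword: `dbs-serach corp.net` is not understood by /etc/network/interfaces, the option that sets the search domain is `dns-search corp.net`. Without it, the unqualified `kinit administrator` and `host -t A $HNAME` calls later on the page only work because of the separate `echo domain CORP.NET >> /etc/resolv.conf` step.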
Zeile 37: | Zeile 38: | ||
apt-get update && apt-get upgrade -y | apt-get update && apt-get upgrade -y | ||
*Softwarepakete installieren (Konfiguration Kerberos 2x selb-main1). | *Softwarepakete installieren (Konfiguration Kerberos 2x selb-main1). | ||
+ | apt-get install git acl attr autoconf bison build-essential \ | ||
+ | debhelper dnsutils docbook-xml docbook-xsl flex gdb krb5-user \ | ||
+ | libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \ | ||
+ | libcap-dev libcups2-dev libgnutls-dev libjson-perl \ | ||
+ | libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \ | ||
+ | libpopt-dev libreadline-dev perl perl-modules pkg-config \ | ||
+ | python-all-dev python-dev python-dnspython python-novaclient \ | ||
+ | xsltproc zlib1g-dev | ||
+ | old | ||
apt-get install git build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev | apt-get install git build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev | ||
python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr | python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr | ||
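Review bot: the inserted line `old` between the new and the previous `apt-get install` command is not a comment, so a reader pasting the block would run it as a command and then run the superseded package list as well; either comment both out with `#` or drop the old list. The old command is also split across two lines without a trailing `\`, so its second line (`python-dev python-dnspython gdb ...`) would execute as a separate command.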
Zeile 48: | Zeile 58: | ||
make install | make install | ||
*Domaine erstelle. | *Domaine erstelle. | ||
− | cd /usr/local/samba/bin/samba | + | cd /usr/local/samba/bin/ |
− | + | samba-tool domain provision | |
+ | Realm [CORP.NET]: | ||
+ | Domain [CORP]: | ||
+ | Server Role (dc, member, standalone) [dc]: | ||
+ | DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: | ||
+ | DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]: | ||
+ | Administrator password: | ||
+ | Retype password: | ||
+ | (samba-tool domain provision —realm=CORP.NET —domain=CORP —adminpass=„Server123“ —server-role=dc —dns-backend=SAMBA_INTERNAL) | ||
+ | *Samba Logging aktvieren (smb.conf) | ||
+ | # Debug Logging information | ||
+ | log level = 2 | ||
+ | log file = /var/log/samba/samba.log.%m | ||
+ | max log size = 50 | ||
+ | debug timestamp = yes | ||
*Samba starten. | *Samba starten. | ||
/usr/local/samba/sbin/samba | /usr/local/samba/sbin/samba | ||
*Sambaversionen überprüfen, müssen identisch sein. | *Sambaversionen überprüfen, müssen identisch sein. | ||
/usr/local/samba/sbin/samba -V | /usr/local/samba/sbin/samba -V | ||
− | /usr/local/samba | + | /usr/local/samba/bin/smbclient -V |
*Samba Funktionalität überprüfen. | *Samba Funktionalität überprüfen. | ||
− | /usr/local/samba | + | /usr/local/samba/bin/smbclient -L localhost -U% |
− | /usr/local/samba | + | /usr/local/samba/bin/smbclient //localhost/netlogon -U Administrator%“Server123“ -c ls |
+ | *Namensauflösung anpassen. | ||
+ | echo domain CORP.NET >> /etc/resolv.conf | ||
+ | *DNS Forwarder in Sambakonfiguratiosdatei (usr/local/samba/etc/smb.conf) ändern. | ||
+ | dns forwarder = 8.8.8.8 | ||
+ | *Kerberos konfigurieren (/usr/local/samba/share/setup/krb5.conf). | ||
+ | default_realm = CORP.NET | ||
+ | *Kerberos überprüfen. | ||
+ | kinit adminiatrator@CORP.NET | ||
+ | klist -e | ||
+ | *Kerberos Fehlersuche | ||
+ | KRB5_TRACE=/dev/stdout kinit administrator | ||
+ | less /etc/krb5.conf | ||
+ | *Samba Autorun, (/etc/init) <ref> [https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller] Samba4 Active Directory Domain Controller</ref> | ||
+ | description "SMB/CIFS File and Active Directory Server" | ||
+ | author "Jelmer Vernooij " | ||
+ | start on (local-filesystems and net-device-up) | ||
+ | stop on runlevel [!2345] | ||
+ | expect fork | ||
+ | normal exit 0 | ||
+ | pre-start script | ||
+ | [ -r /etc/default/samba4 ] && . /etc/default/samba4 | ||
+ | install -o root -g root -m 755 -d /var/run/samba | ||
+ | install -o root -g root -m 755 -d /var/log/samba | ||
+ | end script | ||
+ | exec /usr/local/samba/sbin/samba -D | ||
+ | |||
+ | chmod 755 samba4.conf | ||
+ | chmod +x samba4.conf | ||
+ | *Zeitserver konfigurieren (/etc/ntp.conf). | ||
+ | *Userverzeichnis erstellen und konfigurieren. | ||
+ | mkdir -m 770 /Users | ||
+ | chmod g+s /Users | ||
+ | chown root:users /Users | ||
+ | *Userverzeichnis mit Samba bereitstellen. | ||
+ | [Users] | ||
+ | directory_mode: parameter = 0700 | ||
+ | read only = No | ||
+ | path = /Users | ||
+ | csc policy = documents | ||
+ | *Ablauf des Passworts für den Administrator deaktivieren. | ||
+ | samba-tool user setexpiry administrator —noexpiry | ||
+ | *Passwortkomplexität deaktivieren. | ||
+ | samba-tool domain passwordsettings show | ||
+ | samba-tool domain passwordsettings set —complexity=off | ||
+ | samba-tool domain passwordsettings set --min-pwd-length=0 | ||
+ | samba-tool domain passwordsettings set --history-length=0 | ||
+ | *Domänverwaltung erfolgt über einen Windows-Client(Windows 7). | ||
+ | http://www.microsoft.com/en-us/download/details.aspx?id=7887 | ||
+ | Feature nach der Installation aktivieren. | ||
+ | *Grafische Oberfläche auf dem Ubuntu-Server installieren. | ||
+ | apt-get install xorg gnome-core gnome-system-tools gnome-app-install | ||
+ | *Samba Logging konfigurieren. | ||
+ | # Debug Logging information | ||
+ | log level = 2 | ||
+ | log file = /var/log/samba/samba.log.%m | ||
+ | max log size = 50 | ||
+ | debug timestamp = yes | ||
+ | *DHCP Server installieren | ||
+ | apt-get install isc-dhcp-server | ||
+ | *DHCP Config | ||
+ | # Begin /etc/dhcpd.conf | ||
+ | # Internal subnet | ||
+ | subnet 172.16.42.0 netmask 255.255.255.0 { | ||
+ | range 172.16.42.20 172.16.42.50; | ||
+ | interface eth0; | ||
+ | option subnet-mask 255.255.255.0; | ||
+ | option routers 172.16.42.2; | ||
+ | option domain-name "corp.net"; | ||
+ | option domain-name-servers 172.16.42.200; | ||
+ | option broadcast-address 172.16.42.255; | ||
+ | default-lease-time 28800; | ||
+ | max-lease-time 43200; | ||
+ | authoritative; | ||
+ | |||
+ | *Sambaanpassung für DHCP <ref> [http://ubuntuforums.org/showthread.php?t=2171745] Starting Samba4 as DC daemon at boot</ref> | ||
+ | Create User und add Group | ||
+ | samba-tool user create dhcp --description="Unprivileged user for DNS updates via DHCP server" | ||
+ | samba-tool group addmembers DnsAdmins dhcp | ||
+ | Export Benutzerberechtigung | ||
+ | samba-tool domain exportkeytab --principal=dhcp@corp.net dhcpd.keytab | ||
+ | install -vdm 755 /etc/dhcpd | ||
+ | mv dhcpd.keytab /etc/dhcpd/ | ||
+ | chown root:root /etc/dhcpd/dhcpd.keytab | ||
+ | chmod 400 /etc/dhcpd/dhcpd.keytab | ||
+ | Scripte erstellen | ||
+ | cat > /usr/sbin/samba-dnsupdate.sh << "EOF" | ||
+ | #!/bin/bash | ||
+ | # Begin samba-dnsupdate.sh | ||
+ | # Author: DJ Lucas <dj_AT_linuxfromscratch_DOT_org> | ||
+ | # kerberos_creds() courtesy of Sergey Urushkin | ||
+ | # http://www.kuron-germany.de/michael/blog/wp-content/uploads/2012/03/dhcpdns-sergey2.txt | ||
+ | # DHCP server should be authoritative for its own records, sleep for 5 seconds | ||
+ | # to allow unconfigured Windows hosts to create their own DNS records | ||
+ | # In order to use this script you should disable dynamic updates by hosts that | ||
+ | # will receive addresses from this DHCP server. Instructions are found here: | ||
+ | # https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP | ||
+ | binPath=/usr/local/samba/bin/ | ||
+ | sleep 5 | ||
+ | checkvalues() | ||
+ | { | ||
+ | [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && exit 1 | ||
+ | case ${2} in | ||
+ | -*) | ||
+ | echo "Error: Invalid parameter '${2}' passed to ${1}." | ||
+ | exit 1 | ||
+ | ;; | ||
+ | *) | ||
+ | return 0 | ||
+ | ;; | ||
+ | esac | ||
+ | } | ||
+ | showhelp() | ||
+ | { | ||
+ | echo -e "\n"`basename ${0}` "uses samba-tool to update DNS records in Samba 4's DNS" | ||
+ | echo "server when using INTERNAL DNS or BIND9 DLZ plugin." | ||
+ | echo "" | ||
+ | echo " Command line options (and variables):" | ||
+ | echo "" | ||
+ | echo " -a | --action Action for this script to perform" | ||
+ | echo " ACTION={add|delete}" | ||
+ | echo " -c | --krb5cc Path of the krb5 credential cache (optional)" | ||
+ | echo " Default: KRB5CC=/run/dhcpd.krb5cc" | ||
+ | echo " -d | --domain The DNS domain/zone to be updated" | ||
+ | echo " DOMAIN={domain.tld}" | ||
+ | echo " -h | --help Show this help message and exit" | ||
+ | echo " -H | --hostname Hostname of the record to be updated" | ||
+ | echo " HNAME={hostname}" | ||
+ | echo " -i | --ip IP address of the host to be updated" | ||
+ | echo " IP={0.0.0.0}" | ||
+ | echo " -k | --keytab Krb5 keytab to be used for authorization (optional)" | ||
+ | echo " Default: KEYTAB=/etc/dhcp/dhcpd.keytab" | ||
+ | echo " -m | --mitkrb5 Use MIT krb5 client utilities" | ||
+ | echo " MITKRB5={YES|NO}" | ||
+ | echo " -n | --nameserver DNS server to be updated (must use FQDN, not IP)" | ||
+ | echo " NAMESERVER={server.internal.domain.tld}" | ||
+ | echo " -p | --principal Principal used for DNS updates" | ||
+ | echo " PRINCIPAL={user@domain.tld}" | ||
+ | echo " -r | --realm Authentication realm" | ||
+ | echo " REALM={DOMAIN.TLD}" | ||
+ | echo " -z | --zone Then name of the zone to be updated in AD. | ||
+ | echo " ZONE={zonename} | ||
+ | echo "" | ||
+ | echo "Example: $(basename $0) -d domain.tld -i 192.168.0.x -n 192.168.0.x \\" | ||
+ | echo " -r DOMAIN.TLD -p user@domain.tld -H HOSTNAME -m" | ||
+ | echo "" | ||
+ | } | ||
+ | # Process arguments | ||
+ | [ -z "$1" ] && showhelp && exit 1 | ||
+ | while [ -n "$1" ]; do | ||
+ | case $1 in | ||
+ | -a | --action) | ||
+ | checkvalues ${1} ${2} | ||
+ | ACTION=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -c | --krb5cc) | ||
+ | checkvalues ${1} ${2} | ||
+ | KRB5CC=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -d | --domain) | ||
+ | checkvalues ${1} ${2} | ||
+ | DOMAIN=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -h | --help) | ||
+ | showhelp | ||
+ | exit 0 | ||
+ | ;; | ||
+ | -H | --hostname) | ||
+ | checkvalues ${1} ${2} | ||
+ | HNAME=${2%%.*} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -i | --ip) | ||
+ | checkvalues ${1} ${2} | ||
+ | IP=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -k | --keytab) | ||
+ | checkvalues ${1} ${2} | ||
+ | KEYTAB=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -m | --mitkrb5) | ||
+ | KRB5MIT=YES | ||
+ | shift 1 | ||
+ | ;; | ||
+ | -n | --nameserver) | ||
+ | checkvalues ${1} ${2} | ||
+ | NAMESERVER=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -p | --principal) | ||
+ | checkvalues ${1} ${2} | ||
+ | PRINCIPAL=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -r | --realm) | ||
+ | checkvalues ${1} ${2} | ||
+ | REALM=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | -z | --zone) | ||
+ | checkvalues ${1} ${2} | ||
+ | ZONE=${2} | ||
+ | shift 2 | ||
+ | ;; | ||
+ | *) | ||
+ | echo "Error!!! Unknown command line opion!" | ||
+ | echo "Try" `basename $0` "--help." | ||
+ | exit 1 | ||
+ | ;; | ||
+ | esac | ||
+ | done | ||
+ | # Sanity checking | ||
+ | [ -z "$ACTION" ] && echo "Error: action not set." && exit 2 | ||
+ | case "$ACTION" in | ||
+ | add | Add | ADD) | ||
+ | ACTION=ADD | ||
+ | ;; | ||
+ | del | delete | Delete | DEL | DELETE) | ||
+ | ACTION=DEL | ||
+ | ;; | ||
+ | *) | ||
+ | echo "Error: invalid action \"$ACTION\"." && exit 3 | ||
+ | ;; | ||
+ | esac | ||
+ | [ -z "$KRB5CC" ] && KRB5CC=/run/dhcpd.krb5cc | ||
+ | [ -z "$DOMAIN" ] && echo "Error: invalid domain." && exit 4 | ||
+ | [ -z "$HNAME" ] && [ "$ACTION" == "ADD" ] && \ | ||
+ | echo "Error: hostname not set." && exit 5 | ||
+ | [ -z "$IP" ] && echo "Error: IP address not set." && exit 6 | ||
+ | [ -z "$KEYTAB" ] && KEYTAB=/etc/dhcp/dhcpd.keytab | ||
+ | [ -z "$NAMESERVER" ] && echo "Error: nameservers not set." && exit 7 | ||
+ | [ -z "$PRINCIPAL" ] && echo "Error: principal not set." && exit 8 | ||
+ | [ -z "$REALM" ] && echo "Error: realm not set." && exit 9 | ||
+ | [ -z "$ZONE" ] && echo "Error: zone not set." && exit 10 | ||
+ | # Disassemble IP for reverse lookups | ||
+ | OCT1=$(echo $IP | cut -d . -f 1) | ||
+ | OCT2=$(echo $IP | cut -d . -f 2) | ||
+ | OCT3=$(echo $IP | cut -d . -f 3) | ||
+ | OCT4=$(echo $IP | cut -d . -f 4) | ||
+ | RZONE="$OCT3.$OCT2.$OCT1.in-addr.arpa" | ||
+ | kerberos_creds() { | ||
+ | export KRB5_KTNAME="$KEYTAB" | ||
+ | export KRB5CCNAME="$KRB5CC" | ||
+ | if [ "$KRB5MIT" = "YES" ]; then | ||
+ | KLISTARG="-s" | ||
+ | else | ||
+ | KLISTARG="-t" | ||
+ | fi | ||
+ | klist $KLISTARG || kinit -k -t "$KEYTAB" -c "$KRB5CC" "$PRINCIPAL" || { logger -s -p daemon.error -t dhcpd kinit for dynamic DNS failed; exit 11; } | ||
+ | } | ||
+ | add_host(){ | ||
+ | logger -s -p daemon.info -t dhcpd Adding A record for host $HNAME with IP $IP to zone $ZONE on server $NAMESERVER | ||
+ | $binPathsamba-tool dns add $NAMESERVER $ZONE $HNAME A $IP -k yes | ||
+ | } | ||
+ | delete_host(){ | ||
+ | logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $IP from zone $ZONE on server $NAMESERVER | ||
+ | $binPathsamba-tool dns delete $NAMESERVER $ZONE $HNAME A $IP -k yes | ||
+ | } | ||
+ | update_host(){ | ||
+ | CURIP=$(host -t A $HNAME | cut -d " " -f 4) | ||
+ | logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $CURIP from zone $ZONE on server $NAMESERVER | ||
+ | $binPathsamba-tool dns delete $NAMESERVER $ZONE $HNAME A $CURIP -k yes | ||
+ | add_host | ||
+ | } | ||
+ | add_ptr(){ | ||
+ | logger -s -p daemon.info -t dhcpd Adding PTR record $OCT4 with hostname $HNAME to zone $RZONE on server $NAMESERVER | ||
+ | $binPathsamba-tool dns add $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes | ||
+ | } | ||
+ | delete_ptr(){ | ||
+ | logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $HNAME from zone $RZONE on server $NAMESERVER | ||
+ | $binPathsamba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes | ||
+ | } | ||
+ | update_ptr(){ | ||
+ | CURHNAME=$(host -t PTR $OCT4 | cut -d " " -f 5) | ||
+ | logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $CURHNAME from zone $RZONE on server $NAMESERVER | ||
+ | $binPathsamba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $CURHNAME -k yes | ||
+ | add_ptr | ||
+ | } | ||
+ | case "$ACTION" in | ||
+ | ADD) | ||
+ | kerberos_creds | ||
+ | host -t A $HNAME.$DOMAIN > /dev/null | ||
+ | if [ "${?}" == 0 ]; then | ||
+ | update_host | ||
+ | else | ||
+ | add_host | ||
+ | fi | ||
+ | host -t PTR $IP > /dev/null | ||
+ | if [ "${?}" == 0 ]; then | ||
+ | update_ptr | ||
+ | else | ||
+ | add_ptr | ||
+ | fi | ||
+ | ;; | ||
+ | DEL) | ||
+ | kerberos_creds | ||
+ | host -t A $HNAME.$DOMAIN > /dev/null | ||
+ | if [ "${?}" == 0 ]; then | ||
+ | delete_host | ||
+ | fi | ||
+ | host -t PTR $IP > /dev/null | ||
+ | if [ "${?}" == 0 ]; then | ||
+ | delete_ptr | ||
+ | fi | ||
+ | ;; | ||
+ | *) | ||
+ | echo "Error: Invalid action '$ACTION'!" && exit 12 | ||
+ | ;; | ||
+ | esac | ||
+ | # End samba-dnsupdate.sh | ||
+ | EOF | ||
+ | chmod 750 /usr/sbin/samba-dnsupdate.sh | ||
+ | |||
+ | cat > /etc/dhcpd/update.sh << "EOF" | ||
+ | #!/bin/bash | ||
+ | # Begin /etc/dhcpd/update.sh | ||
+ | # Variables | ||
+ | KRB5CC="/run/dhcpd4.krb5cc" | ||
+ | KEYTAB="/etc/dhcpd/dhcpd.keytab" | ||
+ | DOMAIN="CORP.NET" | ||
+ | REALM="CORP.NET" | ||
+ | PRINCIPAL="dhcp@${REALM}" | ||
+ | NAMESERVER="server.${DOMAIN}" | ||
+ | ZONE="${DOMAIN}" | ||
+ | ACTION=$1 | ||
+ | IP=$2 | ||
+ | HNAME=$3 | ||
+ | export KRB5CC KEYTAB DOMAIN REALM PRINCIPAL NAMESERVER ZONE ACTION IP HNAME | ||
+ | /usr/sbin/samba-dnsupdate.sh -m & | ||
+ | # End /etc/dhcpd/update.sh | ||
+ | EOF | ||
+ | chmod 750 /etc/dhcpd/update.sh | ||
+ | DHCPD Konfiguration anpassen | ||
+ | on commit { | ||
+ | set ClientIP = binary-to-ascii(10, 8, ".", leased-address); | ||
+ | set ClientName = pick-first-value(option host-name, host-decl-name); | ||
+ | execute("/etc/dhcpd/update.sh", "add", ClientIP, ClientName); | ||
+ | } | ||
+ | on release { | ||
+ | set ClientIP = binary-to-ascii(10, 8, ".", leased-address); | ||
+ | set ClientName = pick-first-value(option host-name, host-decl-name); | ||
+ | execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName); | ||
+ | } | ||
+ | on expiry { | ||
+ | set ClientIP = binary-to-ascii(10, 8, ".", leased-address); | ||
+ | set ClientName = pick-first-value(option host-name, host-decl-name); | ||
+ | execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName); | ||
+ | } | ||
+ | |||
+ | === Ubuntu 14.04 Installation / LVM === | ||
+ | * Installation der Softwarepakete | ||
+ | |||
+ | === Ubuntu 14.04 Installation / PostgreSQL === | ||
+ | apt-get install postgresql-9.3 | ||
+ | apt-get install postgresql-contrib-9.3 | ||
+ | apt-get install pgadmin3 | ||
+ | sudo -u postgres psql postgres | ||
+ | \password postgres | ||
+ | \q | ||
+ | |||
+ | pg_hba.conf | ||
+ | local all all peer -> md5 | ||
+ | host all all ::1/128 ident ->md5 | ||
+ | |||
+ | postgresql.conf listen_addresses='*' | ||
+ | apt-get install language-pack-de-base | ||
+ | apt-get install language-pack-de | ||
+ | |||
+ | == Einzelnachweise == | ||
+ | <references /> |
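Review bot: the provision command hardcodes the Administrator password (`adminpass="Server123"`) and the smbclient check repeats it in clear text (`-U Administrator%"Server123"`), and the page then removes every safeguard for that account (`passwordsettings set complexity=off`, `--min-pwd-length=0`, `--history-length=0`, `setexpiry administrator noexpiry`); let the interactive prompt take the password, keep the default password settings or state why a lab needs them relaxed, and do not keep a working domain-admin password in the wiki. Further points in the same hunk: several long options were pasted with a typographic dash instead of `--` (the `realm`, `domain`, `adminpass`, `server-role`, `dns-backend`, `noexpiry` and `complexity=off` options) and will not parse; `$binPathsamba-tool` in samba-dnsupdate.sh expands the undefined variable `$binPathsamba` and then runs `-tool`, so it must read `${binPath}samba-tool`; the two `echo` lines for `-z | --zone` and `ZONE={zonename}` lack their closing quotes; `update_ptr` queries `host -t PTR $OCT4` (the last octet alone) where it needs `$IP`; the `[Users]` share uses `directory_mode: parameter = 0700`, which is not smb.conf syntax (`directory mode = 0700`); the dhcpd.conf `subnet` block is missing its closing `}`; `update.sh` sets `NAMESERVER="server.${DOMAIN}"` although the DC on this page is `selb-main1.corp.net`; `kinit adminiatrator@CORP.NET` is a typo; `usr/local/samba/etc/smb.conf` lacks the leading slash; and the "Samba Logging" block appears twice.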
Current revision as of 13 September 2015, 10:25
Debian
Debian 5 Installation (VMware)
- Installation with a network mirror
- Provide the CD
- aptitude install psmisc (killproc for VMware)
- aptitude install gcc-4.1 + link
- aptitude install linux-headers-2.6.26-2-all-amd64
- aptitude install make
- Install vmwaretool
Note:
- Debian sources: /etc/apt/sources.list (apt-get update)
- aptitude search …
Debian 6 Installation (VMware)
- Installation with a network mirror
- Provide the CD
- aptitude install gcc-4.3 + link
- aptitude install linux-headers-…-2-all-amd64
- aptitude install make
- Install vmwaretool
Ubuntu
Ubuntu 14.04 Installation / Samba4
- Perform a standard Ubuntu 14.04 Server installation (select OpenSSH Server).
- Set a password for the root user.
sudo passwd root
- Set a static IP address in /etc/network/interfaces.
iface eth0 inet static
address 172.16.41.200
netmask 255.255.255.0
network 172.16.41.0
broadcast 172.16.41.255
gateway 172.16.41.2
dns-nameservers 172.16.41.200 8.8.8.8
dns-search corp.net
- Set the hostname (/etc/hosts).
172.16.41.200 selb-main1.corp.net
echo selb-main1.corp.net > /etc/hostname
- Apply software updates.
apt-get update && apt-get upgrade -y
- Install the software packages (Kerberos configuration prompts: enter selb-main1 twice).
apt-get install git acl attr autoconf bison build-essential \
debhelper dnsutils docbook-xml docbook-xsl flex gdb krb5-user \
libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-novaclient \
xsltproc zlib1g-dev
Old package list (superseded by the command above):
apt-get install git build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev \
python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr \
krb5-user docbook-xsl libcups2-dev libpam0g-dev ntp -u
- Download the current Samba4 version from samba.org.
git clone -b v4-2-stable git://git.samba.org/samba.git samba4
(the clone is placed in the current directory)
- Compile and install the software.
cd samba4
./configure --enable-debug --enable-selftest
make
make install
- Create the domain.
cd /usr/local/samba/bin/
samba-tool domain provision
Realm [CORP.NET]:
Domain [CORP]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:
Administrator password:
Retype password:
(non-interactive equivalent: samba-tool domain provision --realm=CORP.NET --domain=CORP --adminpass="Server123" --server-role=dc --dns-backend=SAMBA_INTERNAL)
- Enable Samba logging (smb.conf)
# Debug Logging information
log level = 2
log file = /var/log/samba/samba.log.%m
max log size = 50
debug timestamp = yes
- Start Samba.
/usr/local/samba/sbin/samba
- Check the Samba versions; they must be identical.
/usr/local/samba/sbin/samba -V
/usr/local/samba/bin/smbclient -V
- Check Samba functionality.
/usr/local/samba/bin/smbclient -L localhost -U%
/usr/local/samba/bin/smbclient //localhost/netlogon -U Administrator%"Server123" -c ls
- Adjust name resolution.
echo domain CORP.NET >> /etc/resolv.conf
- Change the DNS forwarder in the Samba configuration file (/usr/local/samba/etc/smb.conf).
dns forwarder = 8.8.8.8
- Configure Kerberos (/usr/local/samba/share/setup/krb5.conf).
default_realm = CORP.NET
- Check Kerberos.
kinit administrator@CORP.NET
klist -e
- Kerberos troubleshooting
KRB5_TRACE=/dev/stdout kinit administrator
less /etc/krb5.conf
- Samba autostart (/etc/init) [1]
description "SMB/CIFS File and Active Directory Server"
author "Jelmer Vernooij "
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
expect fork
normal exit 0
pre-start script
    [ -r /etc/default/samba4 ] && . /etc/default/samba4
    install -o root -g root -m 755 -d /var/run/samba
    install -o root -g root -m 755 -d /var/log/samba
end script
exec /usr/local/samba/sbin/samba -D
chmod 755 samba4.conf
chmod +x samba4.conf
- Configure the time server (/etc/ntp.conf).
- Create and configure the user directory.
mkdir -m 770 /Users
chmod g+s /Users
chown root:users /Users
- Share the user directory via Samba.
[Users]
directory mode = 0700
read only = No
path = /Users
csc policy = documents
- Disable password expiry for the administrator.
samba-tool user setexpiry administrator --noexpiry
- Disable password complexity.
samba-tool domain passwordsettings show
samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --min-pwd-length=0
samba-tool domain passwordsettings set --history-length=0
- Domain administration is done from a Windows client (Windows 7).
http://www.microsoft.com/en-us/download/details.aspx?id=7887
Enable the feature after installation.
- Install a graphical desktop on the Ubuntu server.
apt-get install xorg gnome-core gnome-system-tools gnome-app-install
- Configure Samba logging.
# Debug Logging information
log level = 2
log file = /var/log/samba/samba.log.%m
max log size = 50
debug timestamp = yes
- Install the DHCP server
apt-get install isc-dhcp-server
- DHCP config
# Begin /etc/dhcpd.conf
# Internal subnet
subnet 172.16.42.0 netmask 255.255.255.0 {
    range 172.16.42.20 172.16.42.50;
    interface eth0;
    option subnet-mask 255.255.255.0;
    option routers 172.16.42.2;
    option domain-name "corp.net";
    option domain-name-servers 172.16.42.200;
    option broadcast-address 172.16.42.255;
    default-lease-time 28800;
    max-lease-time 43200;
    authoritative;
}
- Samba adjustments for DHCP [2]
Create the user and add it to the group
samba-tool user create dhcp --description="Unprivileged user for DNS updates via DHCP server"
samba-tool group addmembers DnsAdmins dhcp
Export the user's credentials (keytab)
samba-tool domain exportkeytab --principal=dhcp@corp.net dhcpd.keytab
install -vdm 755 /etc/dhcpd
mv dhcpd.keytab /etc/dhcpd/
chown root:root /etc/dhcpd/dhcpd.keytab
chmod 400 /etc/dhcpd/dhcpd.keytab
Create the scripts
cat > /usr/sbin/samba-dnsupdate.sh << "EOF"
#!/bin/bash
# Begin samba-dnsupdate.sh
# Author: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
# kerberos_creds() courtesy of Sergey Urushkin
# http://www.kuron-germany.de/michael/blog/wp-content/uploads/2012/03/dhcpdns-sergey2.txt
# DHCP server should be authoritative for its own records, sleep for 5 seconds
# to allow unconfigured Windows hosts to create their own DNS records
# In order to use this script you should disable dynamic updates by hosts that
# will receive addresses from this DHCP server. Instructions are found here:
# https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP

# Directory holding samba-tool; referenced as ${binPath}samba-tool below
binPath=/usr/local/samba/bin/

sleep 5

checkvalues()
{
    [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && exit 1
    case ${2} in
        -*)
            echo "Error: Invalid parameter '${2}' passed to ${1}."
            exit 1
        ;;
        *)
            return 0
        ;;
    esac
}

showhelp()
{
    echo -e "\n"`basename ${0}` "uses samba-tool to update DNS records in Samba 4's DNS"
    echo "server when using INTERNAL DNS or BIND9 DLZ plugin."
    echo ""
    echo "  Command line options (and variables):"
    echo ""
    echo "  -a | --action      Action for this script to perform"
    echo "                     ACTION={add|delete}"
    echo "  -c | --krb5cc      Path of the krb5 credential cache (optional)"
    echo "                     Default: KRB5CC=/run/dhcpd.krb5cc"
    echo "  -d | --domain      The DNS domain/zone to be updated"
    echo "                     DOMAIN={domain.tld}"
    echo "  -h | --help        Show this help message and exit"
    echo "  -H | --hostname    Hostname of the record to be updated"
    echo "                     HNAME={hostname}"
    echo "  -i | --ip          IP address of the host to be updated"
    echo "                     IP={0.0.0.0}"
    echo "  -k | --keytab      Krb5 keytab to be used for authorization (optional)"
    echo "                     Default: KEYTAB=/etc/dhcp/dhcpd.keytab"
    echo "  -m | --mitkrb5     Use MIT krb5 client utilities"
    echo "                     MITKRB5={YES|NO}"
    echo "  -n | --nameserver  DNS server to be updated (must use FQDN, not IP)"
    echo "                     NAMESERVER={server.internal.domain.tld}"
    echo "  -p | --principal   Principal used for DNS updates"
    echo "                     PRINCIPAL={user@domain.tld}"
    echo "  -r | --realm       Authentication realm"
    echo "                     REALM={DOMAIN.TLD}"
    echo "  -z | --zone        The name of the zone to be updated in AD."
    echo "                     ZONE={zonename}"
    echo ""
    echo "Example: $(basename $0) -d domain.tld -i 192.168.0.x -n 192.168.0.x \\"
    echo "         -r DOMAIN.TLD -p user@domain.tld -H HOSTNAME -m"
    echo ""
}

# Process arguments
[ -z "$1" ] && showhelp && exit 1
while [ -n "$1" ]; do
    case $1 in
        -a | --action)
            checkvalues ${1} ${2}
            ACTION=${2}
            shift 2
        ;;
        -c | --krb5cc)
            checkvalues ${1} ${2}
            KRB5CC=${2}
            shift 2
        ;;
        -d | --domain)
            checkvalues ${1} ${2}
            DOMAIN=${2}
            shift 2
        ;;
        -h | --help)
            showhelp
            exit 0
        ;;
        -H | --hostname)
            checkvalues ${1} ${2}
            HNAME=${2%%.*}
            shift 2
        ;;
        -i | --ip)
            checkvalues ${1} ${2}
            IP=${2}
            shift 2
        ;;
        -k | --keytab)
            checkvalues ${1} ${2}
            KEYTAB=${2}
            shift 2
        ;;
        -m | --mitkrb5)
            KRB5MIT=YES
            shift 1
        ;;
        -n | --nameserver)
            checkvalues ${1} ${2}
            NAMESERVER=${2}
            shift 2
        ;;
        -p | --principal)
            checkvalues ${1} ${2}
            PRINCIPAL=${2}
            shift 2
        ;;
        -r | --realm)
            checkvalues ${1} ${2}
            REALM=${2}
            shift 2
        ;;
        -z | --zone)
            checkvalues ${1} ${2}
            ZONE=${2}
            shift 2
        ;;
        *)
            echo "Error!!! Unknown command line option!"
            echo "Try" `basename $0` "--help."
            exit 1
        ;;
    esac
done

# Sanity checking
[ -z "$ACTION" ] && echo "Error: action not set." && exit 2
case "$ACTION" in
    add | Add | ADD)
        ACTION=ADD
    ;;
    del | delete | Delete | DEL | DELETE)
        ACTION=DEL
    ;;
    *)
        echo "Error: invalid action \"$ACTION\"." && exit 3
    ;;
esac
[ -z "$KRB5CC" ] && KRB5CC=/run/dhcpd.krb5cc
[ -z "$DOMAIN" ] && echo "Error: invalid domain." && exit 4
[ -z "$HNAME" ] && [ "$ACTION" == "ADD" ] && \
    echo "Error: hostname not set." && exit 5
[ -z "$IP" ] && echo "Error: IP address not set." && exit 6
[ -z "$KEYTAB" ] && KEYTAB=/etc/dhcp/dhcpd.keytab
[ -z "$NAMESERVER" ] && echo "Error: nameservers not set." && exit 7
[ -z "$PRINCIPAL" ] && echo "Error: principal not set." && exit 8
[ -z "$REALM" ] && echo "Error: realm not set." && exit 9
[ -z "$ZONE" ] && echo "Error: zone not set." && exit 10

# Disassemble IP for reverse lookups
OCT1=$(echo $IP | cut -d . -f 1)
OCT2=$(echo $IP | cut -d . -f 2)
OCT3=$(echo $IP | cut -d . -f 3)
OCT4=$(echo $IP | cut -d . -f 4)
RZONE="$OCT3.$OCT2.$OCT1.in-addr.arpa"

# Obtain a ticket for the dhcp principal from the keytab unless the cache still holds a valid one
kerberos_creds() {
    export KRB5_KTNAME="$KEYTAB"
    export KRB5CCNAME="$KRB5CC"
    if [ "$KRB5MIT" = "YES" ]; then
        KLISTARG="-s"
    else
        KLISTARG="-t"
    fi
    klist $KLISTARG || kinit -k -t "$KEYTAB" -c "$KRB5CC" "$PRINCIPAL" || { logger -s -p daemon.error -t dhcpd kinit for dynamic DNS failed; exit 11; }
}

add_host(){
    logger -s -p daemon.info -t dhcpd Adding A record for host $HNAME with IP $IP to zone $ZONE on server $NAMESERVER
    ${binPath}samba-tool dns add $NAMESERVER $ZONE $HNAME A $IP -k yes
}

delete_host(){
    logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $IP from zone $ZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $ZONE $HNAME A $IP -k yes
}

update_host(){
    CURIP=$(host -t A $HNAME | cut -d " " -f 4)
    logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $CURIP from zone $ZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $ZONE $HNAME A $CURIP -k yes
    add_host
}

add_ptr(){
    logger -s -p daemon.info -t dhcpd Adding PTR record $OCT4 with hostname $HNAME to zone $RZONE on server $NAMESERVER
    ${binPath}samba-tool dns add $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
}

delete_ptr(){
    logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $HNAME from zone $RZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
}

update_ptr(){
    # the reverse lookup needs the whole address, not just the last octet
    CURHNAME=$(host -t PTR $IP | cut -d " " -f 5)
    logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $CURHNAME from zone $RZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $CURHNAME -k yes
    add_ptr
}

case "$ACTION" in
    ADD)
        kerberos_creds
        host -t A $HNAME.$DOMAIN > /dev/null
        if [ "${?}" == 0 ]; then
            update_host
        else
            add_host
        fi
        host -t PTR $IP > /dev/null
        if [ "${?}" == 0 ]; then
            update_ptr
        else
            add_ptr
        fi
    ;;
    DEL)
        kerberos_creds
        host -t A $HNAME.$DOMAIN > /dev/null
        if [ "${?}" == 0 ]; then
            delete_host
        fi
        host -t PTR $IP > /dev/null
        if [ "${?}" == 0 ]; then
            delete_ptr
        fi
    ;;
    *)
        echo "Error: Invalid action '$ACTION'!" && exit 12
    ;;
esac
# End samba-dnsupdate.sh
EOF
chmod 750 /usr/sbin/samba-dnsupdate.sh
cat > /etc/dhcpd/update.sh << "EOF"
#!/bin/bash
# Begin /etc/dhcpd/update.sh
# Variables
KRB5CC="/run/dhcpd4.krb5cc"
KEYTAB="/etc/dhcpd/dhcpd.keytab"
DOMAIN="CORP.NET"
REALM="CORP.NET"
PRINCIPAL="dhcp@${REALM}"
# set to the FQDN of the DC (selb-main1.corp.net on this page)
NAMESERVER="server.${DOMAIN}"
ZONE="${DOMAIN}"
ACTION=$1
IP=$2
HNAME=$3
export KRB5CC KEYTAB DOMAIN REALM PRINCIPAL NAMESERVER ZONE ACTION IP HNAME
/usr/sbin/samba-dnsupdate.sh -m &
# End /etc/dhcpd/update.sh
EOF
chmod 750 /etc/dhcpd/update.sh
Adjust the DHCPD configuration
on commit {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientName = pick-first-value(option host-name, host-decl-name);
    execute("/etc/dhcpd/update.sh", "add", ClientIP, ClientName);
}
on release {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientName = pick-first-value(option host-name, host-decl-name);
    execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName);
}
on expiry {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientName = pick-first-value(option host-name, host-decl-name);
    execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName);
}
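The lease hooks above hand dhcpd's `leased-address` and the client-supplied `option host-name` to `update.sh` and from there to `samba-tool dns add/delete`, while the page's script only strips everything after the first dot of the name. The following is an added example, not code from the wiki page or from samba-dnsupdate.sh: validation helpers (assumed names `valid_ipv4`, `clean_hostname`, `reverse_zone`, `plan_update`) that reject malformed addresses and host names before they reach the DNS tool, derive the reverse zone the same way the script does, and print the resulting `samba-tool` calls as a dry run. The zone and DC name are taken from the page; the lease event at the end is constructed.

```shell
#!/bin/sh
# Added example (not part of the wiki page or of samba-dnsupdate.sh):
# validate what dhcpd passes to /etc/dhcpd/update.sh before it is handed to
# samba-tool. The host name comes from the DHCP client ("option host-name"),
# so it is untrusted input. Function names are assumed for this example.

ZONE=corp.net                  # forward zone from the page
NAMESERVER=selb-main1.corp.net # the DC from the page

# Return 0 if $1 is a dotted quad with four octets in the range 0..255.
valid_ipv4() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for oct in "$@"; do
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# Print the first label of $1, lower-cased, if it is a valid RFC 1123 label
# (1-63 chars of [a-z0-9-], not starting or ending with '-'); otherwise
# print nothing and return 1. Like HNAME=${2%%.*} in the page's script,
# but refusing anything that is not a plain host label.
clean_hostname() {
    label=${1%%.*}
    label=$(printf '%s' "$label" | tr 'A-Z' 'a-z')
    case "$label" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ ${#label} -le 63 ] || return 1
    printf '%s\n' "$label"
}

# Print "<last octet> <reverse zone>" for a validated IPv4 address, the
# same split the page's script does with cut:
# 172.16.42.37 -> "37 42.16.172.in-addr.arpa".
reverse_zone() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%s %s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Dry run of one lease event: print the samba-tool A and PTR calls that the
# page's update flow would make, or fail without printing anything if the
# input does not pass validation. Arguments: add|delete, IP, raw host name.
plan_update() {
    action=$1 ip=$2 raw_name=$3
    case "$action" in
        add|delete) ;;
        *) echo "rejected action: $action" >&2; return 2 ;;
    esac
    valid_ipv4 "$ip" || { echo "rejected IP: $ip" >&2; return 3; }
    name=$(clean_hostname "$raw_name") \
        || { echo "rejected host name: $raw_name" >&2; return 4; }
    set -- $(reverse_zone "$ip")
    last=$1 rzone=$2
    printf 'samba-tool dns %s %s %s %s A %s -k yes\n' \
        "$action" "$NAMESERVER" "$ZONE" "$name" "$ip"
    printf 'samba-tool dns %s %s %s %s PTR %s.%s -k yes\n' \
        "$action" "$NAMESERVER" "$rzone" "$last" "$name" "$ZONE"
}

# Constructed lease event, as dhcpd's "on commit" hook would deliver it.
plan_update add 172.16.42.37 WS-01.corp.net
```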
Ubuntu 14.04 Installation / LVM
- Installation of the software packages
Ubuntu 14.04 Installation / PostgreSQL
apt-get install postgresql-9.3
apt-get install postgresql-contrib-9.3
apt-get install pgadmin3
sudo -u postgres psql postgres
\password postgres
\q
pg_hba.conf (change the authentication method of these two lines from peer/ident to md5):
local   all   all             peer  -> md5
host    all   all   ::1/128   ident -> md5
postgresql.conf: listen_addresses='*'
apt-get install language-pack-de-base
apt-get install language-pack-de