Installation guide: Difference between revisions
From MeinWiki
(→Ubuntu 14.04 Installation / Samba4) |
(→Ubuntu 14.04 Installation / Samba4) |
||
Zeile 81: | Zeile 81: | ||
*Samba Funktionalität überprüfen. | *Samba Funktionalität überprüfen. | ||
/usr/local/samba/bin/smbclient -L localhost -U% | /usr/local/samba/bin/smbclient -L localhost -U% | ||
− | /usr/local/samba/bin/smbclient //localhost/netlogon - | + | /usr/local/samba/bin/smbclient //localhost/netlogon -U Administrator%“Server123“ -c ls |
*Namensauflösung anpassen. | *Namensauflösung anpassen. | ||
echo domain CORP.NET >> /etc/resolv.conf | echo domain CORP.NET >> /etc/resolv.conf |
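Review bot: on the changed smbclient line the password is wrapped in typographic quotes (“Server123“), which the shell does not treat as quoting, so they are passed to smbclient as part of the password; use straight quotes. Consider giving only -U Administrator and letting smbclient prompt, which keeps the password out of the shell history and the process list.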
Revision as of 12 September 2015, 08:21
Debian
Debian 5 Installation (VMware)
- Installation using a network mirror
- Make the CD available
- aptitude install psmisc (Killproc VMware)
- aptitude install gcc-4.1 + link
- aptitude install linux-headers-2.6.26-2-all-amd64
- aptitude install make
- Install VMware Tools
Note:
- Debian sources: /etc/apt/sources.list (apt-get update)
- aptitude search …
Debian 6 Installation (VMware)
- Installation using a network mirror
- Make the CD available
- aptitude install gcc-4.3 + link
- aptitude install linux-headers-…-2-all-amd64
- aptitude install make
- Install VMware Tools
Ubuntu
Ubuntu 14.04 Installation / Samba4
- Perform a standard Ubuntu 14.04 Server installation (select OpenSSH Server).
- Set a password for the root user.
sudo passwd root
- Set a static IP address in the file /etc/network/interfaces.
iface eth0 inet static
    address 172.16.41.200
    netmask 255.255.255.0
    network 172.16.41.0
    broadcast 172.16.41.255
    gateway 172.16.41.2
    dns-nameservers 172.16.41.200 8.8.8.8
    dns-search corp.net
- Set the hostname (/etc/hosts).
172.16.41.200 selb-main1.corp.net
echo selb-main1.corp.net > /etc/hostname
- Run the software update.
apt-get update && apt-get upgrade -y
- Install the software packages (Kerberos configuration: 2x selb-main1).
apt-get install git acl attr autoconf bison build-essential \
    debhelper dnsutils docbook-xml docbook-xsl flex gdb krb5-user \
    libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
    libcap-dev libcups2-dev libgnutls-dev libjson-perl \
    libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
    libpopt-dev libreadline-dev perl perl-modules pkg-config \
    python-all-dev python-dev python-dnspython python-novaclient \
    xsltproc zlib1g-dev
old:
apt-get install git build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev libpam0g-dev ntp -u
- Download the current Samba4 version from samba.org.
git clone -b v4-2-stable git://git.samba.org/samba.git samba4
(is placed in the current directory)
- Compile and install the software.
cd samba4
./configure --enable-debug --enable-selftest
make
make install
- Create the domain.
cd /usr/local/samba/bin/
samba-tool domain provision
Realm [CORP.NET]:
Domain [CORP]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:
Administrator password:
Retype password:
(samba-tool domain provision --realm=CORP.NET --domain=CORP --adminpass="Server123" --server-role=dc --dns-backend=SAMBA_INTERNAL)
- Enable Samba logging (smb.conf)
# Debug Logging information
log level = 2
log file = /var/log/samba/samba.log.%m
max log size = 50
debug timestamp = yes
- Start Samba.
/usr/local/samba/sbin/samba
- Check the Samba versions; they must be identical.
/usr/local/samba/sbin/samba -V
/usr/local/samba/bin/smbclient -V
- Check Samba functionality.
/usr/local/samba/bin/smbclient -L localhost -U%
/usr/local/samba/bin/smbclient //localhost/netlogon -U Administrator%"Server123" -c ls
- Adjust name resolution.
echo domain CORP.NET >> /etc/resolv.conf
- Change the DNS forwarder in the Samba configuration file (/usr/local/samba/etc/smb.conf).
dns forwarder = 8.8.8.8
- Configure Kerberos (/usr/local/samba/share/setup/krb5.conf).
default_realm = CORP.NET
- Check Kerberos.
kinit administrator@CORP.NET
klist -e
- Samba autostart (/etc/init) [1]
description "SMB/CIFS File and Active Directory Server"
author "Jelmer Vernooij"
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
expect fork
normal exit 0
pre-start script
    [ -r /etc/default/samba4 ] && . /etc/default/samba4
    install -o root -g root -m 755 -d /var/run/samba
    install -o root -g root -m 755 -d /var/log/samba
end script
exec /usr/local/samba/sbin/samba -D

chmod 755 samba4.conf
chmod +x samba4.conf
- Configure the time server (/etc/ntp.conf).
- Create and configure the user directory.
mkdir -m 770 /Users
chmod g+s /Users
chown root:users /Users
- Share the user directory via Samba.
[Users]
    directory_mode: parameter = 0700
    read only = No
    path = /Users
    csc policy = documents
- Disable password expiry for the Administrator.
samba-tool user setexpiry administrator --noexpiry
- Disable password complexity.
samba-tool domain passwordsettings set --complexity=off
- Domain administration is done from a Windows client (Windows 7).
http://www.microsoft.com/en-us/download/details.aspx?id=7887
Enable the feature after installation.
- Install a graphical desktop on the Ubuntu server.
apt-get install xorg gnome-core gnome-system-tools gnome-app-install
- Configure Samba logging.
# Debug Logging information
log level = 2
log file = /var/log/samba/samba.log.%m
max log size = 50
debug timestamp = yes
- Install the DHCP server
apt-get install isc-dhcp-server
- Samba adjustments for DHCP [2]
Create the user and add it to the group
samba-tool user create dhcp --description="Unprivileged user for DNS updates via DHCP server"
samba-tool group addmembers DnsAdmins dhcp
Export the user credentials
samba-tool domain exportkeytab --principal=dhcp@corp.net dhcpd.keytab
install -vdm 755 /etc/dhcpd
mv dhcpd.keytab /etc/dhcpd/
chown root:root /etc/dhcpd/dhcpd.keytab
chmod 400 /etc/dhcpd/dhcpd.keytab
Create the scripts
cat > /usr/sbin/samba-dnsupdate.sh << "EOF"
#!/bin/bash
# Begin samba-dnsupdate.sh
# Author: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
# kerberos_creds() courtesy of Sergey Urushkin
# http://www.kuron-germany.de/michael/blog/wp-content/uploads/2012/03/dhcpdns-sergey2.txt

# DHCP server should be authoritative for its own records, sleep for 5 seconds
# to allow unconfigured Windows hosts to create their own DNS records
# In order to use this script you should disable dynamic updates by hosts that
# will receive addresses from this DHCP server. Instructions are found here:
# https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP

# Directory containing samba-tool (trailing slash required)
binPath=/usr/local/samba/bin/

sleep 5

checkvalues()
{
    [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && exit 1
    case ${2} in
        -*)
            echo "Error: Invalid parameter '${2}' passed to ${1}."
            exit 1
        ;;
        *)
            return 0
        ;;
    esac
}

showhelp() {
echo -e "\n"`basename ${0}` "uses samba-tool to update DNS records in Samba 4's DNS"
echo "server when using INTERNAL DNS or BIND9 DLZ plugin."
echo ""
echo "    Command line options (and variables):"
echo ""
echo "      -a | --action      Action for this script to perform"
echo "                         ACTION={add|delete}"
echo "      -c | --krb5cc      Path of the krb5 credential cache (optional)"
echo "                         Default: KRB5CC=/run/dhcpd.krb5cc"
echo "      -d | --domain      The DNS domain/zone to be updated"
echo "                         DOMAIN={domain.tld}"
echo "      -h | --help        Show this help message and exit"
echo "      -H | --hostname    Hostname of the record to be updated"
echo "                         HNAME={hostname}"
echo "      -i | --ip          IP address of the host to be updated"
echo "                         IP={0.0.0.0}"
echo "      -k | --keytab      Krb5 keytab to be used for authorization (optional)"
echo "                         Default: KEYTAB=/etc/dhcp/dhcpd.keytab"
echo "      -m | --mitkrb5     Use MIT krb5 client utilities"
echo "                         MITKRB5={YES|NO}"
echo "      -n | --nameserver  DNS server to be updated (must use FQDN, not IP)"
echo "                         NAMESERVER={server.internal.domain.tld}"
echo "      -p | --principal   Principal used for DNS updates"
echo "                         PRINCIPAL={user@domain.tld}"
echo "      -r | --realm       Authentication realm"
echo "                         REALM={DOMAIN.TLD}"
echo "      -z | --zone        The name of the zone to be updated in AD."
echo "                         ZONE={zonename}"
echo ""
echo "Example: $(basename $0) -d domain.tld -i 192.168.0.x -n 192.168.0.x \\"
echo "             -r DOMAIN.TLD -p user@domain.tld -H HOSTNAME -m"
echo ""
}

# Process arguments
[ -z "$1" ] && showhelp && exit 1
while [ -n "$1" ]; do
    case $1 in
        -a | --action)
            checkvalues ${1} ${2}
            ACTION=${2}
            shift 2
        ;;
        -c | --krb5cc)
            checkvalues ${1} ${2}
            KRB5CC=${2}
            shift 2
        ;;
        -d | --domain)
            checkvalues ${1} ${2}
            DOMAIN=${2}
            shift 2
        ;;
        -h | --help)
            showhelp
            exit 0
        ;;
        -H | --hostname)
            checkvalues ${1} ${2}
            HNAME=${2%%.*}
            shift 2
        ;;
        -i | --ip)
            checkvalues ${1} ${2}
            IP=${2}
            shift 2
        ;;
        -k | --keytab)
            checkvalues ${1} ${2}
            KEYTAB=${2}
            shift 2
        ;;
        -m | --mitkrb5)
            KRB5MIT=YES
            shift 1
        ;;
        -n | --nameserver)
            checkvalues ${1} ${2}
            NAMESERVER=${2}
            shift 2
        ;;
        -p | --principal)
            checkvalues ${1} ${2}
            PRINCIPAL=${2}
            shift 2
        ;;
        -r | --realm)
            checkvalues ${1} ${2}
            REALM=${2}
            shift 2
        ;;
        -z | --zone)
            checkvalues ${1} ${2}
            ZONE=${2}
            shift 2
        ;;
        *)
            echo "Error!!! Unknown command line option!"
            echo "Try" `basename $0` "--help."
            exit 1
        ;;
    esac
done

# Sanity checking
[ -z "$ACTION" ] && echo "Error: action not set." && exit 2
case "$ACTION" in
    add | Add | ADD)
        ACTION=ADD
    ;;
    del | delete | Delete | DEL | DELETE)
        ACTION=DEL
    ;;
    *)
        echo "Error: invalid action \"$ACTION\"." && exit 3
    ;;
esac
[ -z "$KRB5CC" ] && KRB5CC=/run/dhcpd.krb5cc
[ -z "$DOMAIN" ] && echo "Error: invalid domain." && exit 4
[ -z "$HNAME" ] && [ "$ACTION" == "ADD" ] && \
    echo "Error: hostname not set." && exit 5
[ -z "$IP" ] && echo "Error: IP address not set." && exit 6
[ -z "$KEYTAB" ] && KEYTAB=/etc/dhcp/dhcpd.keytab
[ -z "$NAMESERVER" ] && echo "Error: nameservers not set." && exit 7
[ -z "$PRINCIPAL" ] && echo "Error: principal not set." && exit 8
[ -z "$REALM" ] && echo "Error: realm not set." && exit 9
[ -z "$ZONE" ] && echo "Error: zone not set." && exit 10

# Disassemble IP for reverse lookups
OCT1=$(echo $IP | cut -d . -f 1)
OCT2=$(echo $IP | cut -d . -f 2)
OCT3=$(echo $IP | cut -d . -f 3)
OCT4=$(echo $IP | cut -d . -f 4)
RZONE="$OCT3.$OCT2.$OCT1.in-addr.arpa"

# Obtain a Kerberos ticket from the keytab unless a valid one is cached
kerberos_creds() {
    export KRB5_KTNAME="$KEYTAB"
    export KRB5CCNAME="$KRB5CC"

    if [ "$KRB5MIT" = "YES" ]; then
        KLISTARG="-s"
    else
        KLISTARG="-t"
    fi

    klist $KLISTARG || kinit -k -t "$KEYTAB" -c "$KRB5CC" "$PRINCIPAL" || { logger -s -p daemon.error -t dhcpd kinit for dynamic DNS failed; exit 11; }
}

add_host(){
    logger -s -p daemon.info -t dhcpd Adding A record for host $HNAME with IP $IP to zone $ZONE on server $NAMESERVER
    ${binPath}samba-tool dns add $NAMESERVER $ZONE $HNAME A $IP -k yes
}

delete_host(){
    logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $IP from zone $ZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $ZONE $HNAME A $IP -k yes
}

update_host(){
    CURIP=$(host -t A $HNAME | cut -d " " -f 4)
    logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $CURIP from zone $ZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $ZONE $HNAME A $CURIP -k yes
    add_host
}

add_ptr(){
    logger -s -p daemon.info -t dhcpd Adding PTR record $OCT4 with hostname $HNAME to zone $RZONE on server $NAMESERVER
    ${binPath}samba-tool dns add $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
}

delete_ptr(){
    logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $HNAME from zone $RZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
}

update_ptr(){
    CURHNAME=$(host -t PTR $OCT4 | cut -d " " -f 5)
    logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $CURHNAME from zone $RZONE on server $NAMESERVER
    ${binPath}samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $CURHNAME -k yes
    add_ptr
}

case "$ACTION" in
    ADD)
        kerberos_creds
        host -t A $HNAME.$DOMAIN > /dev/null
        if [ "${?}" == 0 ]; then
            update_host
        else
            add_host
        fi

        host -t PTR $IP > /dev/null
        if [ "${?}" == 0 ]; then
            update_ptr
        else
            add_ptr
        fi
    ;;
    DEL)
        kerberos_creds
        host -t A $HNAME.$DOMAIN > /dev/null
        if [ "${?}" == 0 ]; then
            delete_host
        fi

        host -t PTR $IP > /dev/null
        if [ "${?}" == 0 ]; then
            delete_ptr
        fi
    ;;
    *)
        echo "Error: Invalid action '$ACTION'!" && exit 12
    ;;
esac

# End samba-dnsupdate.sh
EOF
chmod 750 /usr/sbin/samba-dnsupdate.sh
cat > /etc/dhcpd/update.sh << "EOF"
#!/bin/bash
# Begin /etc/dhcpd/update.sh

# Variables
KRB5CC="/run/dhcpd4.krb5cc"
KEYTAB="/etc/dhcpd/dhcpd.keytab"
DOMAIN="CORP.NET"
REALM="CORP.NET"
PRINCIPAL="dhcp@${REALM}"
NAMESERVER="server.${DOMAIN}"
ZONE="${DOMAIN}"
ACTION=$1
IP=$2
HNAME=$3

export KRB5CC KEYTAB DOMAIN REALM PRINCIPAL NAMESERVER ZONE ACTION IP HNAME

/usr/sbin/samba-dnsupdate.sh -m &

# End /etc/dhcpd/update.sh
EOF
chmod 750 /etc/dhcpd/update.sh
Adjust the DHCPD configuration
on commit {
  set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
  set ClientName = pick-first-value(option host-name, host-decl-name);
  execute("/etc/dhcpd/update.sh", "add", ClientIP, ClientName);
}
on release {
  set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
  set ClientName = pick-first-value(option host-name, host-decl-name);
  execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName);
}
on expiry {
  set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
  set ClientName = pick-first-value(option host-name, host-decl-name);
  execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName);
}
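ClientName in the hooks above comes from the client's "option host-name" and ends up unquoted on the samba-tool command line in samba-dnsupdate.sh. The following is an added example, not part of the original page or of the scripts it quotes, showing checks that /etc/dhcpd/update.sh could run on its three arguments first; the function names are hypothetical and the sample leases are constructed.

```shell
#!/bin/sh
# Added example (not part of the original scripts): validate the values that
# dhcpd passes to /etc/dhcpd/update.sh before they reach samba-tool.
# Function names are hypothetical.
LC_ALL=C; export LC_ALL        # make the A-Z / a-z ranges ASCII-only

# Print the first DNS label of $1 if it is a valid RFC 1123 label, else fail.
safe_short_name() {
    sn=${1%%.*}                                 # drop any domain suffix
    [ -n "$sn" ] && [ "${#sn}" -le 63 ] || return 1
    case $sn in
        -*|*-)           return 1 ;;            # leading '-' would be read as an option
        *[!A-Za-z0-9-]*) return 1 ;;            # spaces, globs, quotes, newlines
    esac
    printf '%s\n' "$sn"
}

# Succeed only for a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ip_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (digits only here)
    IFS=$ip_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Gate for update.sh: action, IP and host name must all pass.
check_lease_args() {
    case $1 in add|delete) ;; *) return 1 ;; esac
    valid_ipv4 "$2" || return 1
    safe_short_name "$3" >/dev/null
}

# Constructed sample leases: only the first two are accepted.
while read -r action ip name; do
    if check_lease_args "$action" "$ip" "$name"; then verdict=accept; else verdict=reject; fi
    printf '%-7s %-15s %-20s %s\n' "$action" "$ip" "$name" "$verdict"
done <<'SAMPLES'
add 172.16.41.50 client01
delete 172.16.41.51 client02.corp.net
add 172.16.41.52 -k
add 172.16.41.999 client03
SAMPLES
```

In update.sh the gate would sit before the export line, with HNAME set from safe_short_name "$3" and the script exiting when check_lease_args fails.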
Ubuntu 14.04 Installation / PostgreSQL
apt-get install postgresql-9.3
apt-get install postgresql-contrib-9.3
apt-get install pgadmin3
sudo -u postgres psql postgres
\password postgres
\q
pg_hba.conf
local all all peer -> md5
host all all ::1/128 ident -> md5
postgresql.conf
listen_addresses='*'
apt-get install language-pack-de-base
apt-get install language-pack-de