Difference between revisions of "Samba4 BDC"
From Stadm
Jump to navigationJump to search| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
[[Category:Samba]] | [[Category:Samba]] | ||
[[Category:Samba4AD]] | [[Category:Samba4AD]] | ||
| Line 24: | Line 22: | ||
*should end with | *should end with | ||
Joined domain EXAMPLE (SID ...) as a DC | Joined domain EXAMPLE (SID ...) as a DC | ||
| + | |||
| + | ==Transfer Roles== | ||
| + | *DNS entries must ne setup before you can transfer roles, samba must be running (check log before for any errors) | ||
| + | *see who has what roles | ||
| + | samba-tool fsmo show | ||
| + | *transfer them all(can also transfer individual roles) | ||
| + | samba-tool fsmo transfer --role=all | ||
| + | |||
| + | ==nssswitch== | ||
| + | *enumerate users in getent passwd | ||
| + | *link winbind so nsswitch can see | ||
| + | ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so | ||
| + | ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 | ||
| + | *check that it is linked | ||
| + | ldconfig -v | grep winbind | ||
| + | |||
| + | *edit /etc/nssswitch to contain | ||
| + | passwd: files winbind | ||
| + | shadow: files | ||
| + | group: files winbind | ||
| + | ==SYSVOL== | ||
| + | *syncing | ||
| + | rsync --dry-run -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/ | ||
| + | rsync -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/ | ||
Latest revision as of 15:41, 4 February 2016
Required Packages
Kerberos
- make backup of kerberos conf
cp /etc/krb5.conf /etc/krb5.bak
- add realm to kerberos file /etc/krb5.conf
cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
- change ${REALM} variable to your realm
- test that you can kinit
kinit administrator
- type password then klist to check if you have ticket
klsit
Join DC to domain
- if kerberos is working check that you can see the PDC dns entries
- then join DC to domain
samba-tool domain join example.edu DC -Uadministrator --realm=example.edu
- should end with
Joined domain EXAMPLE (SID ...) as a DC
Transfer Roles
- DNS entries must ne setup before you can transfer roles, samba must be running (check log before for any errors)
*see who has what roles samba-tool fsmo show
- transfer them all(can also transfer individual roles)
samba-tool fsmo transfer --role=all
nssswitch
- enumerate users in getent passwd
- link winbind so nsswitch can see
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
- check that it is linked
ldconfig -v | grep winbind
- edit /etc/nssswitch to contain
passwd: files winbind shadow: files group: files winbind
SYSVOL
- syncing
rsync --dry-run -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/ rsync -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/
