Difference between revisions of "Samba4 BDC"

From Stadm
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Active Projects]]
 
[[Category:Projects]]
 
 
[[Category:Samba]]
 
[[Category:Samba]]
 
[[Category:Samba4AD]]
 
[[Category:Samba4AD]]
Line 24: Line 22:
 
*should end with  
 
*should end with  
 
  Joined domain EXAMPLE (SID ...) as a DC
 
  Joined domain EXAMPLE (SID ...) as a DC
 +
 +
==Transfer Roles==
 +
*DNS entries must ne setup before you can transfer roles, samba must be running (check log before for any errors)
 +
*see who has what roles
 +
samba-tool fsmo show
 +
*transfer them all(can also transfer individual roles)
 +
samba-tool fsmo transfer --role=all
 +
 +
==nssswitch==
 +
*enumerate users in getent passwd
 +
*link winbind so nsswitch can see
 +
ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so
 +
ln  -s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2
 +
*check that it is linked
 +
ldconfig -v | grep winbind
 +
 +
*edit /etc/nssswitch to contain
 +
passwd:    files winbind
 +
shadow:    files
 +
group:      files winbind
 +
==SYSVOL==
 +
*syncing
 +
rsync --dry-run -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/
 +
rsync -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/
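Review bot: The nssswitch section misspells the file in both its heading and the "edit /etc/nssswitch" line. The name service switch file is /etc/nsswitch.conf, so the instruction as written points at a file that does not exist. In Transfer Roles, "must ne setup" should read "must be set up". In SYSVOL, say explicitly that the --dry-run output has to be reviewed before the second rsync is run, because --delete-after removes anything under the local sysvol path that is absent on HOSTNAME.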

Latest revision as of 15:41, 4 February 2016


Required Packages

Kerberos

  • make backup of kerberos conf
cp /etc/krb5.conf /etc/krb5.bak
  • add realm to kerberos file /etc/krb5.conf
cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
  • change ${REALM} variable to your realm
  • test that you can kinit
kinit administrator
  • type the password, then run klist to check that you have a ticket
klist

Join DC to domain

  • if Kerberos is working, check that you can see the PDC's DNS entries
  • then join DC to domain
samba-tool domain join example.edu DC -Uadministrator --realm=example.edu
  • should end with
Joined domain EXAMPLE (SID ...) as a DC

Transfer Roles

  • DNS entries must be set up before you can transfer roles, and samba must be running (check the log beforehand for any errors)
  • see who has what roles
samba-tool fsmo show
  • transfer them all (individual roles can also be transferred)
samba-tool fsmo transfer --role=all

nsswitch

  • enumerate users with getent passwd
  • link the winbind NSS library so nsswitch can see it
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
  • check that it is linked
ldconfig -v | grep winbind
  • edit /etc/nsswitch.conf to contain
passwd:     files winbind
shadow:     files
group:      files winbind

SYSVOL

  • syncing
rsync --dry-run -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/
rsync -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/
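
An added example (not from the original wiki page): a wrapper around the two rsync commands above that runs the dry run first and refuses the real sync when the dry run fails or would delete more than a set number of entries, since --delete-after mirrors whatever the source currently holds. The function names and the MAX_DELETES threshold are assumptions; the path and rsync flags are the page's.

```shell
#!/bin/sh
# Added example: guard the SYSVOL pull. Function names are hypothetical.
SYSVOL=/usr/local/samba/var/locks/sysvol/   # path used on this page
MAX_DELETES=${MAX_DELETES:-5}               # assumed limit, tune per site

# Count "deleting <path>" lines in `rsync -v --dry-run` output on stdin.
count_deletions() {
    grep -c '^deleting ' || true
}

# Succeed only if the dry-run output on stdin stays within MAX_DELETES.
plan_is_safe() {
    [ "$(count_deletions)" -le "$MAX_DELETES" ]
}

# $1 = hostname of the DC to pull SYSVOL from.
sync_sysvol() {
    src="root@$1:$SYSVOL"
    # Dry run first; an unreachable or failing source must stop the sync.
    plan=$(rsync --dry-run -XAavz --delete-after "$src" "$SYSVOL") || {
        echo "dry run failed, not syncing" >&2
        return 1
    }
    if ! printf '%s\n' "$plan" | plan_is_safe; then
        echo "dry run exceeds delete limit ($MAX_DELETES), not syncing:" >&2
        printf '%s\n' "$plan" | grep '^deleting ' >&2
        return 2
    fi
    # Same command as the dry run, now applied for real.
    rsync -XAavz --delete-after "$src" "$SYSVOL"
}

# Usage (hostname is a constructed placeholder):
#   sync_sysvol dc1.example.edu
```

A large deletion count usually means the source SYSVOL is empty or the wrong host was given, which is the case worth stopping on before Group Policy files are removed locally.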