Difference between revisions of "Samba4 BDC"
From Stadm
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
[[Category:Samba]] | [[Category:Samba]] | ||
[[Category:Samba4AD]] | [[Category:Samba4AD]] | ||
Line 24: | Line 22: | ||
*should end with | *should end with | ||
Joined domain EXAMPLE (SID ...) as a DC | Joined domain EXAMPLE (SID ...) as a DC | ||
+ | |||
+ | ==Transfer Roles== | ||
+ | *DNS entries must ne setup before you can transfer roles, samba must be running (check log before for any errors) | ||
+ | *see who has what roles | ||
+ | samba-tool fsmo show | ||
+ | *transfer them all(can also transfer individual roles) | ||
+ | samba-tool fsmo transfer --role=all | ||
+ | |||
+ | ==nssswitch== | ||
+ | *enumerate users in getent passwd | ||
+ | *link winbind so nsswitch can see | ||
+ | ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so | ||
+ | ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 | ||
+ | *check that it is linked | ||
+ | ldconfig -v | grep winbind | ||
+ | |||
+ | *edit /etc/nssswitch to contain | ||
+ | passwd: files winbind | ||
+ | shadow: files | ||
+ | group: files winbind | ||
+ | ==SYSVOL== | ||
+ | *syncing | ||
+ | rsync --dry-run -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/ | ||
+ | rsync -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/ |
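Review bot: the nssswitch section misspells both its heading and the file it edits. The NSS configuration file is /etc/nsswitch.conf, so "edit /etc/nssswitch to contain" should name that file and the heading should read "nsswitch". In the Transfer Roles bullet, "must ne setup" should be "must be set up". The two rsync lines under SYSVOL run as root with --delete-after and leave "HOSTNAME" unexplained: state which DC is the source, since anything missing on that host is deleted locally, and say that the --dry-run output is to be checked before running the second command.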
Latest revision as of 15:41, 4 February 2016
Required Packages
Kerberos
- make backup of kerberos conf
cp /etc/krb5.conf /etc/krb5.bak
- add realm to kerberos file /etc/krb5.conf
cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
- change ${REALM} variable to your realm
- test that you can kinit
kinit administrator
- type the password, then run klist to check that you have a ticket
klist
Join DC to domain
- if kerberos is working check that you can see the PDC dns entries
- then join DC to domain
samba-tool domain join example.edu DC -Uadministrator --realm=example.edu
- should end with
Joined domain EXAMPLE (SID ...) as a DC
Transfer Roles
- DNS entries must be set up before you can transfer roles, and samba must be running (check the log beforehand for any errors)
- see who has what roles
samba-tool fsmo show
- transfer them all (individual roles can also be transferred)
samba-tool fsmo transfer --role=all
nsswitch
- enumerate users in getent passwd
- link winbind so nsswitch can see it
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
- check that it is linked
ldconfig -v | grep winbind
- edit /etc/nsswitch.conf to contain
passwd: files winbind
shadow: files
group: files winbind
SYSVOL
- syncing
rsync --dry-run -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/
rsync -XAavz --delete-after root@"HOSTNAME":/usr/local/samba/var/locks/sysvol/ /usr/local/samba/var/locks/sysvol/
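The dry run followed by the real sync, as an added example that is not part of the original wiki page: the real rsync runs only if the dry run would delete no more than a set number of paths, and a refusal lists the GPO GUIDs affected. The source-host argument, the limit of 20 and the function names are assumptions; the path and rsync flags are the ones used above.

```shell
#!/bin/sh
# Added example: apply the SYSVOL sync only after checking the dry run.
# The source-host argument, the limit of 20 and all function names are
# assumptions; the path and rsync flags are the ones used on this page.
SYSVOL=/usr/local/samba/var/locks/sysvol/

# Count the "deleting <path>" lines in rsync -v output read from stdin.
count_deletes() {
    grep -c '^deleting ' || true
}

# List the GPO GUIDs (Policies/{GUID}/...) that the run would delete from.
deleted_gpos() {
    sed -n 's/^deleting .*Policies\/\({[0-9A-Fa-f-]*}\).*/\1/p' | sort -u
}

# Read a dry-run transcript on stdin; return 0 if it may be applied.
sysvol_dry_run_ok() {
    max=${1:-20}
    out=$(cat)
    n=$(printf '%s\n' "$out" | count_deletes)
    if [ "$n" -gt "$max" ]; then
        echo "refuse: $n deletions exceeds limit $max"
        printf '%s\n' "$out" | deleted_gpos | sed 's/^/  affected GPO: /'
        return 1
    fi
    echo "ok: $n deletions"
}

# Dry run, check, then the real sync from the given DC.
sync_sysvol() {
    src=$1
    dry=$(rsync --dry-run -XAavz --delete-after "root@$src:$SYSVOL" "$SYSVOL") || {
        echo "refuse: dry run failed"
        return 1
    }
    printf '%s\n' "$dry" | sysvol_dry_run_ok "${2:-20}" || return 1
    rsync -XAavz --delete-after "root@$src:$SYSVOL" "$SYSVOL"
}
```

Call it as sync_sysvol followed by the source DC's host name and, optionally, a different deletion limit.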