Difference between revisions of "AD Samba4 Centos 7"
From Stadm
Line 60: | Line 60: | ||
dns_lookup_kdc = true | dns_lookup_kdc = true | ||
default_realm = DOMAIN.EDU | default_realm = DOMAIN.EDU | ||
+ | |||
+ | |||
+ | ==Firewall== | ||
+ | *We prefer iptables so we are turning off firewalld and enabling iptables instead | ||
+ | systemctl stop firewalld # stop firewalld temporarily | ||
+ | systemctl mask firewalld # not sure what mask does, but I assume its similar to disable | ||
+ | yum install iptables-services # install iptables-services package | ||
+ | systemctl enable iptables # Enable the service at boot-time | ||
+ | systemctl start iptables # start iptables | ||
+ | service iptables save # save iptables rules in /etc/sysconfig/iptables, overwriting current set |
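Review bot: the comment on the "systemctl mask firewalld" line records a guess ("not sure what mask does") instead of documenting the step. mask links the unit to /dev/null so firewalld cannot be started by hand or pulled in as a dependency, which is stronger than disable, and the comment should say that. Separately, "service iptables save" runs straight after "systemctl start iptables" with no rule added in between, so it only rewrites /etc/sysconfig/iptables with whatever ruleset is already loaded; add the rules this domain controller needs before the save step, or drop the save.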
Revision as of 13:01, 25 February 2015
Purpose
The purpose of this wiki page is to document the steps needed to set up or recreate an Active Directory (AD) environment using Samba 4. Not all features of a Windows Server AD are incorporated into Samba 4. At the time of writing/editing, the version of Samba 4 in use is 4.1.16.
This page shows how to set up Samba 4 on a CentOS 7 machine and migrate over from CentOS 6.
Current operating system Samba 4 is run on: CentOS 7
- Note: Until this message is removed, consider the following a work in progress
Samba 4 Active Directory Domain Controller
Install CentOS
- Install a minimal version of CentOS 7 on a VM or dev box
Samba 4 Requirements
- Here is a minimal list of packages needed to compile Samba 4 with AD support
yum install perl gcc libacl-devel libblkid-devel gnutls-devel \
    readline-devel python-devel gdb pkgconfig krb5-workstation \
    zlib-devel setroubleshoot-server libaio-devel \
    setroubleshoot-plugins policycoreutils-python \
    libsemanage-python setools-libs-python setools-libs \
    popt-devel libpcap-devel sqlite-devel libidn-devel \
    libxml2-devel libacl-devel libsepol-devel libattr-devel \
    keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils \
    libxslt docbook-style-xsl openldap-devel pam-devel bzip2
- Here are optional packages that are used in this guide
yum install vim wget
Installing Samba
- For the stable Samba version, visit: http://www.samba.org/
- or (as of 02-18-15):
wget http://www.samba.org/samba/ftp/stable/samba-4.1.16.tar.gz
- Extract the archive if you have not already done so, then run configure
tar -zxvf samba-4.1.16.tar.gz
cd ~/samba-4.1.16
./configure --enable-debug --enable-selftest --with-ads --with-systemd --with-winbind
- If it completes successfully, make sure it is building with Active Directory support; if not, you may have forgotten a few packages
- Finally, compile and then install
make
make install
Restoring
rm -rf /usr/local/samba/etc
rm -rf /usr/local/samba/private
rm -rf /usr/local/samba/var/locks/sysvol
cd /usr/local/backups
tar -jxf etc.{Timestamp}.tar.bz2 -C /usr/local/samba/
tar -jxf samba4_private.{Timestamp}.tar.bz2 -C /usr/local/samba/
tar -jxf sysvol.{Timestamp}.tar.bz2 -C /usr/local/samba/
find /usr/local/samba/private/ -type f -name '*.ldb.bak' -print0 | while read -d $'\0' f ; do mv "$f" "${f%.bak}" ; done
ln -s /usr/lib64/libgnutls.so.28 /usr/lib64/libgnutls.so.26
vim /etc/krb5.conf
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = DOMAIN.EDU
Firewall
- We prefer iptables, so we are turning off firewalld and enabling iptables instead
systemctl stop firewalld       # stop firewalld temporarily
systemctl mask firewalld       # not sure what mask does, but I assume it's similar to disable
yum install iptables-services  # install iptables-services package
systemctl enable iptables      # enable the service at boot time
systemctl start iptables       # start iptables
service iptables save          # save iptables rules in /etc/sysconfig/iptables, overwriting current set
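
The steps above start iptables and save the ruleset without adding any rule for the domain controller's own services. As an added example (not part of the original page), the script below prints an iptables-restore ruleset that admits the Samba AD DC ports only from a client subnet. The subnet 192.0.2.0/24, the SSH restriction to that subnet and the dynamic RPC range are assumptions to adjust for your site and Samba version.

```bash
# Added example: print an iptables-restore ruleset for a Samba 4 AD DC.
# CLIENT_NET and RPC_RANGE are assumptions; set them for your site.
CLIENT_NET="192.0.2.0/24"   # constructed client subnet (documentation range)
RPC_RANGE="1024:5000"       # assumed dynamic RPC range; confirm for your Samba version

# proto:port pairs for DNS, Kerberos, RPC endpoint mapper, NetBIOS,
# LDAP, SMB, kpasswd, LDAPS and the global catalog
AD_PORTS="tcp:53 udp:53 tcp:88 udp:88 tcp:135 udp:137 udp:138 tcp:139
tcp:389 udp:389 tcp:445 tcp:464 udp:464 tcp:636 tcp:3268 tcp:3269"

# Emit one ACCEPT rule per service, limited to CLIENT_NET.
samba_ad_rules() (
    for entry in $AD_PORTS "tcp:$RPC_RANGE"; do
        proto=${entry%%:*}
        port=${entry#*:}
        printf '%s\n' \
            "-A INPUT -s $CLIENT_NET -p $proto -m $proto --dport $port -j ACCEPT"
    done
)

# Wrap the rules in the filter table; anything not listed is rejected.
samba_ad_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s $CLIENT_NET -p tcp -m tcp --dport 22 -j ACCEPT
$(samba_ad_rules)
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print the ruleset for review. As root, validate it without loading it:
#   samba_ad_ruleset | iptables-restore --test
# then install it as /etc/sysconfig/iptables and restart the iptables service.
samba_ad_ruleset
```

Because SSH is limited to the same subnet here, load the ruleset from a console or from a host inside that subnet.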