Post #1
Its GNU/Linuxhelp.net - Group: Support Specialist, Posts: 1,439, Joined: 3-January 04, From: Germany, Member No.: 2,069
Hello Everyone,

This one is going to be a SAMBA Active Directory on CentOS 6.x

STEP 1 - Install base system

Download the CentOS 6.x iso from the CentOS website (sorry, admin does not allow links). Install the system any way you like, with your partitioning layout; it does not matter. In this example the hostname is samba4.home.lan and the IP address is 192.168.186.200.

STEP 2 - Disable SELinux, iptables

Now we disable SELinux like this:
CODE
chkconfig iptables off
chkconfig ip6tables off
vi /etc/selinux/config

Press i. Look for the SELINUX= line and change it to SELINUX=disabled. Once you are done editing press ESC, then type :wq, then press ENTER. Now we must reboot the server in order for SELinux to be disabled.
CODE
reboot

STEP 3 - Update system
CODE
yum update

STEP 4 - Enable SAMBA 4 repo

Why use a different repo? Answer: CentOS 6 Samba misses a lot of tools; this is way better, much much easier to set up, and works just as well.
CODE
touch /etc/yum.repos.d/SOGo.repo
vi /etc/yum.repos.d/SOGo.repo

Press i, then type in the following:
CODE
[sogo-rhel6]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0

Once done editing press ESC, then type :wq and press ENTER.

STEP 5 - Samba installation, configuration
CODE
yum install samba4

Once it is done you run the following command:
CODE
samba-tool domain provision --use-rfc2307 --interactive

Here a bunch of questions will be asked, but you only need to alter one for our setup:
Domain name: home.lan (!!! in this example !!!)
After this all settings can be left at default, which means you should still read what it is asking, not just hit ENTER, ENTER, ENTER.
Somewhere at the end it will ask for the domain password. This is the Administrator password, so this at least should be complex: the system requires you to enter at least one uppercase character, some regular characters, and at least one number. For example: Tksh48k.

Now samba will generate all the necessary db files, set up the necessary groups, users etc. for this domain.

Next step, we create the directory for our Roaming Profiles:
CODE
mkdir /home/Profiles

And make sure our /etc/samba4/smb.conf looks like this:
CODE
[global]
        workgroup = HOME
        realm = HOME.LAN
        netbios name = SAMBA4
        server role = active directory domain controller
        dns forwarder = 8.8.8.8
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba4/sysvol/home.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba4/sysvol
        read only = No

[Profiles]
        path = /home/Profiles/
        read only = No

If memory serves right you only need to add [Profiles] to your config file; everything else should already be there. I'm just posting my config just in case.

STEP 6 - Configure Kerberos, hosts, resolv

Samba already generated the necessary Kerberos conf file for us; we only need to move it to the right place. But just in case something bad could happen, we back up the original Kerberos conf file.
CODE
mv /etc/krb5.conf /etc/krb5.conf.original
cp /var/lib/samba4/private/krb5.conf /etc/krb5.conf

Next step is to alter our hosts file. It should look like this for the current test system:
/etc/hosts
CODE
127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.186.200 samba4.home.lan samba4
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6

Then the resolv conf should look like this for the current test system:
/etc/resolv.conf
CODE
domain home.lan
search home.lan
nameserver 192.168.186.200
nameserver 8.8.8.8

8.8.8.8 - this is Google, for TESTING ONLY; please play nice and later use your own DNS server, or the ISP's.

TO BE CONTINUED ...

--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz 2048MB DDR 400Mhz DFI Lanparty UT4 NF4 ULTRA-D GeForce 7800GT 250GB+250GB Pioneer DVD-RW 17inch Samsung Syncmaster 757NF WinXP Pro (SP2)/ CentOS 4.3
--------------------
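Steps 5 and 6 above edit three files whose contents have to agree with each other (the realm in smb.conf, the DC's line in /etc/hosts, and domain/search/nameserver in /etc/resolv.conf), and a one-letter slip in any of them (the kind of typo that turns home.lan into homa.lan) only shows up later as failing Kerberos or DNS lookups. The script below is an added example, not code from the thread or from the Samba project: it parses constructed copies of those three files and reports every inconsistency. The hostname, IP and realm are the thread's test values; the "first nameserver must be the DC" rule is the same requirement Step 9 places on the Windows clients, so the resolv.conf check applies to them too.

```shell
# Added example (not part of the original thread): consistency check for the
# realm in smb.conf, the DC entry in /etc/hosts and /etc/resolv.conf.
# Values below are the thread's test system; file contents are constructed.
AD_FQDN="samba4.home.lan"
AD_IP="192.168.186.200"
REALM="HOME.LAN"

# conf_value CONTENT KEY: value of "key = value" in smb.conf-style text
conf_value() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
          if (k == key) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit } }'
}

# resolv_field CONTENT KEYWORD: first argument of the first matching line
resolv_field() {
    printf '%s\n' "$1" | awk -v key="$2" '$1 == key { print $2; exit }'
}

# check_resolv CONTENT REALM AD_IP: domain and search must equal the realm in
# lower case, and the first nameserver must be the DC itself (Samba's own DNS
# serves the AD zone). Prints each mismatch, returns 1 if any.
check_resolv() {
    local content="$1" realm="$2" ad_ip="$3" rc=0 want domain search ns1
    want=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    domain=$(resolv_field "$content" domain)
    search=$(resolv_field "$content" search)
    ns1=$(resolv_field "$content" nameserver)
    [ "$domain" = "$want" ] || { echo "domain '$domain' does not match realm $want"; rc=1; }
    [ "$search" = "$want" ] || { echo "search '$search' does not match realm $want"; rc=1; }
    [ "$ns1" = "$ad_ip" ]   || { echo "first nameserver '$ns1' is not the DC $ad_ip"; rc=1; }
    return $rc
}

# check_hosts CONTENT FQDN AD_IP: the DC's FQDN must map to its LAN address,
# not sit on a loopback line.
check_hosts() {
    local ip
    ip=$(printf '%s\n' "$1" | awk -v h="$2" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }')
    [ "$ip" = "$3" ] || { echo "$2 maps to '${ip:-nothing}' in hosts, expected $3"; return 1; }
}

# check_smbconf CONTENT REALM: realm must match, and workgroup must be the
# realm's first DNS label (HOME for HOME.LAN), as in the thread's [global].
check_smbconf() {
    local realm workgroup
    realm=$(conf_value "$1" realm)
    workgroup=$(conf_value "$1" workgroup)
    [ "$realm" = "$2" ] || { echo "realm '$realm' != $2"; return 1; }
    [ "$workgroup" = "${2%%.*}" ] || { echo "workgroup '$workgroup' != ${2%%.*}"; return 1; }
}

# Constructed sample files. BAD_RESOLV carries a one-letter typo in the domain.
BAD_RESOLV='domain homa.lan
search home.lan
nameserver 192.168.186.200
nameserver 8.8.8.8'

GOOD_RESOLV='domain home.lan
search home.lan
nameserver 192.168.186.200
nameserver 8.8.8.8'

GOOD_HOSTS='127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.186.200 samba4.home.lan samba4
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6'

# Constructed mistake: the FQDN was left on the loopback line.
BAD_HOSTS='127.0.0.1   samba4.home.lan samba4 localhost
::1         localhost'

SMB_GLOBAL='[global]
        workgroup = HOME
        realm = HOME.LAN
        netbios name = SAMBA4
        server role = active directory domain controller'

# audit SMBCONF HOSTS RESOLV: run all three checks; 0 only if every one passes
audit() {
    local rc=0
    check_smbconf "$1" "$REALM" || rc=1
    check_hosts   "$2" "$AD_FQDN" "$AD_IP" || rc=1
    check_resolv  "$3" "$REALM" "$AD_IP" || rc=1
    return $rc
}

audit "$SMB_GLOBAL" "$GOOD_HOSTS" "$GOOD_RESOLV" && echo "good config: OK"
audit "$SMB_GLOBAL" "$BAD_HOSTS" "$BAD_RESOLV" || echo "bad config: problems found (see above)"
```

On a real DC you would feed the functions `"$(cat /etc/resolv.conf)"`, `"$(cat /etc/hosts)"` and `"$(cat /etc/samba4/smb.conf)"` instead of the constructed strings; the checks are string comparisons only and never touch the network.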

Post #2
Step 7 - Test Kerberos

In this step we will test if Kerberos is running properly. First samba must be started, but it cannot be started with the init script; you can try, but it will complain, so trust me and do this instead.

- start samba
CODE
samba

If you did everything as told and I made no typo here, samba should be up and running without any errors...

- test kerberos
CODE
kinit administrator

It will display the following:
type administrator password :
- type in the previously given admin password Tksh48k (don't use this everywhere) and you should receive something like this on CentOS 6:
Warning: Your password will expire in 41 days...

This means Samba4 is up and running, Kerberos is doing its stuff, we are almost good to go. Last thing is to add samba to /etc/rc.d/rc.local so that it is started every time the system boots up (cannot be started with init scripts!). So go ahead and edit your /etc/rc.d/rc.local file to look like this (just add this line to the end of the file):
CODE
/usr/sbin/samba

Step 8 - Reboot system, test again if everything is up and running
CODE
reboot

Login to the system once rebooted:
CODE
ping samba4.home.lan
ping www.google.com
kinit administrator

Every one of these commands should succeed, then proceed to the next Step.

TO BE CONTINUED ...

Post #3
Step 9 - Client configuration

VERY IMPORTANT: all clients in the network must use 192.168.186.200 (IP address of the samba AD) as primary DNS server.

Okay, so let's join our first client. For whatever reason I tested it first with a Windows XP client. Make sure it's in the same subnet as the AD, and make sure it is using the AD IP as primary DNS. Try to ping samba4.home.lan from the WinXP client; it should answer with 192.168.186.200.

Next step is Right Click on My Computer, then Properties, Computer Name, click on Change and select Domain, type in home.lan, click OK. You will be asked for username and password; type in Administrator and the password, click OK. After a while you should receive a message that you have successfully joined the domain home.lan. Reboot the WinXP computer, and login to domain home.lan (or home) with Administrator and password.

Now let's assume we will use this computer as a dedicated computer for managing all our domain related stuff (since I'm not able to link here, pff):
- Windows 2003 Service Pack 2 Administration Tools Pack for x86 editions
- Windows Server 2003 Service Pack 1 32 bit Support Tools (.NET framework required, update WinXP first...)
- Group Policy Management Console with Service Pack 1

Once you have all this installed you should have quite a lot of tools available to you in START - PROGRAMS - ADMINISTRATIVE TOOLS. What you will use most of the time is probably these two: Active Directory Users and Computers, and Group Policy Management.

Step 10 - Enable roaming profiles

On the Samba AD machine run:
CODE
mkdir -p "/home/Profiles/Domain Users"
smbcontrol all reload-config

From the WindowsXP computer with Domain Administrative rights, alter Security for the Profiles folder:
- Domain Admins: full access
- Domain Users: read access
For Profiles/Domain Users:
- Domain Admins and Domain Users: full access

From AD Manager for User Robert, set the profile path to \\samba4.home.lan\Profiles\Domain Users\Robert

Login with robert... alter something on the desktop, create a folder or something, logout. Login again, check the /home/Profiles/Domain Users/robert folder; data should be in there... Now you can add another WinXP computer to the domain, login there with robert, you should be greeted with the same desktop.

IMPORTANT THINGS TO KNOW ABOUT AD

FORGET ABOUT NETWORK NEIGHBORHOOD, YOU CANNOT BROWSE THE NETWORK, AND IT IS OKAY. WITH AD YOU SEARCH THE NETWORK JUST LIKE THE INTERNET: YOU DON'T BROWSE IT, YOU SEARCH IT. WITH AD YOU CENTRALLY MANAGE SHARED DRIVES, PRINTERS. YOU CAN SHARE ON COMPUTER A SHARE, BUT YOU NEED TO PUBLISH IT WITH AD FOR OTHER COMPUTERS TO BE VISIBLE.

THE FOLLOWING VIDEOS (pfff, links again) SHOULD BE WATCHED; use www.google.com (note: all of them are YouTube videos, and quite helpful to get you started): Server 2008 Lesson 15 - Listing Shared Folders and Printers in PC TechStream; How To Map Network Drives With Group Policy Preferences In Installing Software Using GPO.

As you will see AD is quite a complex beast, and I highly recommend watching these videos. The PC TechStream ones are quite good; you will learn a few things, and you will also realize that what at first seems complex gets quite straightforward after a while, and you will realize that it is much better than SAMBA 3 NT Style domains.

Thank you for reading this GUIDE, hope it works for you.

Sincerely
Robert Becskei
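The share path in Step 10 contains a space, and the thread's unquoted `mkdir -p /home/Profiles/Domain Users` therefore creates two directories (Profiles/Domain and Users) instead of the one the roaming-profile path points at, so the user's profile folder ends up somewhere the Windows client will never look. The script below is an added example, not code from the thread: it creates the tree with the name quoted, reproduces the unquoted behaviour in a scratch directory so the difference is visible, and lists what each produced. The scratch roots come from mktemp; the real share root is /home/Profiles.

```shell
# Added example (not part of the original thread): the Step 10 directory created
# with "Domain Users" quoted, next to what the unquoted form does. Roots are
# passed in so this runs in a scratch directory instead of /home/Profiles.

# make_profile_dir ROOT USER: create ROOT/Profiles/Domain Users/USER and print it
make_profile_dir() {
    local dir="$1/Profiles/Domain Users/$2"
    mkdir -p "$dir" && printf '%s\n' "$dir"
}

# unquoted_mkdir ROOT: the thread's command as written; the shell splits the
# path at the space and mkdir receives "Profiles/Domain" and "Users".
unquoted_mkdir() {
    ( cd "$1" && mkdir -p Profiles/Domain Users )
}

# list_dirs ROOT: names of the directories directly under ROOT, space-separated
list_dirs() {
    local d out=""
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        out="$out${d##*/} "
    done
    printf '%s' "$out"
}

# demo: build both trees in temporary roots and show the difference
demo() {
    local good bad
    good=$(mktemp -d)
    bad=$(mktemp -d)
    make_profile_dir "$good" robert >/dev/null
    echo "quoted:   root has [$(list_dirs "$good")], Profiles has [$(list_dirs "$good/Profiles")]"
    unquoted_mkdir "$bad"
    echo "unquoted: root has [$(list_dirs "$bad")], Profiles has [$(list_dirs "$bad/Profiles")]"
    rm -rf "$good" "$bad"
}

demo
```

The same quoting applies to the Windows-side path `\\samba4.home.lan\Profiles\Domain Users\Robert`: it is one share path, so the directory it names must exist as a single "Domain Users" entry under the Profiles share.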