SAMBA 4 ACTIVE-DIRECTORY CONFIGURATION
Note: disable SELinux and the firewall before you begin, and remove any old version of Samba if one is installed.
Here are the steps:
CentOS 6 or higher
Configure DNS First
Note: DNS should be working correctly before you continue.
# yum install bind*
# vi /etc/named.conf
Append the following below the line "recursion yes;":
forwarders { 172.20.1.9; 8.8.8.8; };
(Use your DNS server IP if one is available; otherwise create the forward and reverse zones and the rest of the DNS configuration.)
Change localhost to any in this line:
allow-query { localhost; };
Save the file and exit.
# service named restart
#vi /etc/resolv.conf
Append
nameserver {your ip address}
save and exit
#service named restart
# host -t A domain.sarien.com.
#nslookup domain.sarien.com
It should show your ip address
Note: create an acl line if required.
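With "recursion yes;" and allow-query set to any, BIND answers recursive queries for every client unless an acl limits it. The script below is an added example, not part of the original guide: it reads a named.conf and reports who may recurse, comparing the options as written above with a variant that adds an acl. The acl name "trusted" and the 172.20.1.0/24 network are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): report who may use recursion
# on a BIND server, given its named.conf. Assumes a single options block and
# no multi-line /* */ comments.

# acl_of NAME TEXT: print the address-match list of clause NAME, empty if absent.
acl_of() {
    printf '%s\n' "$2" | sed -n "s/.*[ {;]${1} *{\([^}]*\)}.*/\1/p"
}

# named_recursion_scope FILE: prints no-recursion, restricted or open.
named_recursion_scope() {
    # Drop // and # comments, then flatten to one space-separated line.
    flat=" $(sed -e 's://.*::' -e 's:#.*::' "$1" | tr '\t\n' '  ' | tr -s ' ')"
    if ! printf '%s\n' "$flat" | grep -Eq '[ {;]recursion yes ?;'; then
        echo no-recursion; return 0
    fi
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query,
    # and to "localnets; localhost;" when none of them is set.
    acl=""
    for clause in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$clause" "$flat")
        if [ -n "$acl" ]; then break; fi
    done
    [ -n "$acl" ] || acl="localnets; localhost;"
    case " $acl" in
        *" any;"*|*" any ;"*) echo open ;;
        *) echo restricted ;;
    esac
}

# write_samples DIR: constructed options blocks; 172.20.1.0/24 is an assumed LAN.
write_samples() {
    printf '%s\n' 'options {' ' recursion yes;' \
        ' forwarders { 172.20.1.9; 8.8.8.8; };' \
        ' allow-query { any; };' '};' > "$1/as_written.conf"
    printf '%s\n' 'acl trusted { 172.20.1.0/24; localhost; };' 'options {' \
        ' recursion yes;' ' forwarders { 172.20.1.9; 8.8.8.8; };' \
        ' allow-query { any; };' ' allow-recursion { trusted; };' '};' \
        > "$1/with_acl.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in as_written with_acl; do
    echo "$f: $(named_recursion_scope "$tmp/$f.conf")"
done
rm -rf "$tmp"
```

On a real server, pass /etc/named.conf to named_recursion_scope after editing it.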
# yum remove samba*
# yum install libacl-devel e2fsprogs-devel gnutls-devel readline-devel python-devel gdb gcc gcc-c++ cups-devel pam-devel ctdb-devel openldap-devel libsmbclient libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python popt-devel libpcap-devel sqlite-devel libidn-devel libsemanage-python setools-libs-python setools-libs libxml2-devel libacl-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel
1) Install the packages needed for Python 2.7 first
# yum groupinstall "Development tools"
# yum install zlib-devel
# yum install bzip2-devel
# yum install openssl-devel
# yum install ncurses-devel
# yum install readline-devel
2) Download the Python source code. (You can also use the latest 3.xx version)
# wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tar.bz2
# tar xvf Python-2.7.3.tar.bz2
# cd Python-2.7.3
# ./configure --prefix=/usr/local --with-threads --enable-shared
# make && make install
Note: you can use "make altinstall" instead if you want to keep two Python versions side by side, meaning Python 2.4 and Python 2.7.
# ln -s /usr/local/lib/libpython2.7.so.1.0 /usr/lib
If the library is not at that path, search for it.
3) Check the python if the version is correct.
#python -V
Python 2.7.3 (default, Jan 23 2013, 16:43:58)
[GCC 4.1.2 20080704 (Red Hat 4.1.2-46)] on linux2
Type "help", "copyright", "credits" or "license" for more
information.
>>>
4) Optional (running before testing using step#3)
#wget http://pypi.python.org/packages/source/d/distribute/distribute-0.6.27.tar.gz
# tar xvf distribute-0.6.27.tar.gz
# cd distribute-0.6.27
# python2.7 setup.py install
# easy_install-2.7 virtualenv
5) Finally check using yum
#yum search elinks
Then refer to the howto in samba for details
# git clean -x -f -d
# rm -rf /usr/local/samba
To update python
#export PATH=/PATH/TO/PYTHON2.7/BIN:$PATH
#python -V
# yum install git
# git clone -b v4-0-stable git://git.samba.org/samba.git samba-v4-0-stable
# cd samba-v4-0-stable
# ./configure --enable-debug --enable-selftest
# make
If everything reports okay, you can then install Samba:
# make install
------Samba restart stop start script----
#vi /etc/init.d/samba4
#! /bin/bash
#
# samba4 Bring up/down samba4 service
#
# chkconfig: - 90 10
# description: Activates/Deactivates all samba4 interfaces
# configured to start at boot time.
#
### BEGIN INIT INFO
# Provides:
# Should-Start:
# Short-Description: Bring up/down samba4
# Description: Bring up/down samba4
### END INIT INFO
# Source function library.
. /etc/init.d/functions
if [ -f /etc/sysconfig/samba4 ]; then
. /etc/sysconfig/samba4
fi
CWD=$(pwd)
prog="samba4"
pidfile=/usr/local/samba/var/run/smbd.pid
start() {
    # Start the samba daemon and report whether the process came up.
    echo -n $"Starting $prog: "
    /usr/local/samba/sbin/samba
    sleep 2
    if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then success $"samba4 startup"; else failure $"samba4 startup"; fi
    echo
}

stop() {
    # Stop service.
    echo -n $"Shutting down $prog: "
    killall samba
    sleep 2
    if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then failure $"samba4 shutdown"; else success $"samba4 shutdown"; fi
    echo
}

status() {
    # Show the PID and build information if the pid file exists.
    if [ -e "$pidfile" ]
    then
        echo -n " Process running ..."
        cat "$pidfile"
        sleep 1
        /usr/local/samba/sbin/samba --show-build
    else
        echo " Process not running..."
    fi
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
esac
exit 0
:wq!
# chmod 755 /etc/init.d/samba4
# chown root:root /etc/init.d/samba4
# chkconfig --add samba4
Creating Domain
# /usr/local/samba/bin/samba-tool domain provision
The 'domain provision' tool should pick defaults for you automatically. Change to your configurations if necessary:
Realm [SARIEN.COM]:
Domain [SARIEN]: (press Enter)
Server Role (dc, member, standalone) [dc]: (press Enter)
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: (press Enter)
DNS forwarder IP address (write 'none' to disable forwarding) [your dns ip address]:
Administrator password:
Retype password:
If above was successful, stdout should look similar to this:
Creating CN=MicrosoftDNS,CN=System,DC=SARIEN,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba
NetBIOS Domain: SARIEN
DNS Domain: SARIEN.com
DOMAIN SID: S-1-5-xx-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx
Note: if the above process fails, delete the file /usr/local/samba/etc/smb.conf and rerun the command /usr/local/samba/bin/samba-tool domain provision
# /etc/init.d/samba4 start
Or
# service samba4 start
REBOOT THE SYSTEM
----To check----
# /usr/local/samba/sbin/samba -V
Version 4.0.5
# /usr/local/samba/bin/smbclient --version
Version 4.0.5
# /usr/local/samba/bin/smbclient -L localhost -U%
Output-----
Domain=[SARIEN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-c1fb37d]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
IPC$ IPC IPC Service (Samba 4.1.0pre1-GIT-c1fb37d)
Domain=[SARIEN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-c1fb37d]
Server Comment
--------- -------
Workgroup Master
--------- -------
Note: if you do not get the above output and an error is shown instead, restart samba4.
# cat /usr/local/samba/etc/smb.conf
Output-----
# Global parameters
[global]
workgroup = SARIEN
realm = SARIEN.COM
netbios name = SAMBA
server role = active directory domain controller
dns forwarder = {your ip address}
[netlogon]
path = /usr/local/samba/var/locks/sysvol/SARIEN.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
Configure Kerberos
In CentOS 6.3 or 6.4, kerberos is handled by the '/etc/krb5.conf' file. Make a backup copy of this original file, and then replace the existing file, if any, with the sample from /usr/local/samba/share/setup/krb5.conf.
# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
Edit the file and replace ${REALM} with the value you chose for the '--realm' parameter of the provision command earlier. Make sure to enter the realm in uppercase letters. It should look something like this:
# vi /etc/krb5.conf
[libdefaults]
default_realm = SARIEN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
:wq!
Testing Kerberos
The simplest test is to use the 'kinit' command as follows:
# kinit administrator@SARIEN.COM
Password for administrator@SARIEN.COM:
Warning: Your password will expire in 41 days on Sun Feb 3 14:21:51 2013
NOTE: You must specify your domain realm SARIEN.COM in uppercase letters!!
If you get the error "kinit: Cannot resolve servers for KDC in realm", check that the nameserver entry in the resolv.conf file is correct.
'kinit' will not give you any output. To verify that Kerberos is working, and that you received a ticket, run the following:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SARIEN.COM
Valid starting Expires Service principal
12/23/12 15:39:28 12/24/12 01:39:28 krbtgt/SARIEN.COM@SARIEN.COM
renew until 12/24/12 15:39:19
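The kinit failures described above come down to a few file settings: an unreplaced ${REALM}, a lowercase or mismatched realm, dns_lookup_kdc, and the nameserver entry. The script below is an added example, not part of the original guide, that checks them together before you run kinit. The file contents are constructed and 192.0.2.10 is an assumed address for the Samba server.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for kinit.
# Sample file contents are constructed; 192.0.2.10 is an assumed DC address.

# conf_value KEY FILE: first value of a "KEY = value" line, whitespace trimmed.
conf_value() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$2" | head -n 1
}

# krb_preflight SMB_CONF KRB5_CONF RESOLV_CONF DC_IP: prints ok or the first problem.
krb_preflight() {
    smb_realm=$(conf_value realm "$1")
    krb_realm=$(conf_value default_realm "$2")
    upper=$(printf '%s' "$krb_realm" | tr '[:lower:]' '[:upper:]')
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$3")
    if [ -z "$krb_realm" ]; then
        echo "default_realm is missing"
    elif [ "$krb_realm" = '${REALM}' ]; then
        echo "template placeholder was not replaced"
    elif [ "$krb_realm" != "$upper" ]; then
        echo "default_realm is not uppercase"
    elif [ "$krb_realm" != "$smb_realm" ]; then
        echo "default_realm differs from smb.conf realm"
    elif [ "$(conf_value dns_lookup_kdc "$2")" != "true" ]; then
        echo "dns_lookup_kdc is not true"
    elif [ "$first_ns" != "$4" ]; then
        echo "first nameserver is not the DC"
    else
        echo "ok"
    fi
}

# write_krb_samples DIR: constructed copies of the three files the guide edits.
write_krb_samples() {
    printf '%s\n' '[global]' ' workgroup = SARIEN' ' realm = SARIEN.COM' \
        > "$1/smb.conf"
    printf '%s\n' '[libdefaults]' ' default_realm = SARIEN.COM' \
        ' dns_lookup_realm = false' ' dns_lookup_kdc = true' > "$1/krb5.conf"
    printf '%s\n' 'nameserver 192.0.2.10' > "$1/resolv.conf"
}

tmp=$(mktemp -d)
write_krb_samples "$tmp"
krb_preflight "$tmp/smb.conf" "$tmp/krb5.conf" "$tmp/resolv.conf" 192.0.2.10
rm -rf "$tmp"
```

On the server itself, call krb_preflight with /usr/local/samba/etc/smb.conf, /etc/krb5.conf, /etc/resolv.conf and the server's own IP address.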
NTP (Network Time Protocol)
Make sure that 'ntpd' is running and installed. If 'ntpd' is not installed you can install it with YUM:
# yum install ntp
Enable ntpd:
# /etc/init.d/ntpd start
Also, use the 'chkconfig' command to have ntpd run at boot:
# chkconfig ntpd on
NOTE: CORRECT TIME IS IMPORTANT FOR KERBEROS TO FUNCTION CORRECTLY. MAKE SURE NTPD IS RUNNING ON THE SAMBA SERVER AND THAT YOU SET THE WINDOWS CLIENT TO THE MOST ACCURATE TIME POSSIBLE! THE WINDOWS CLIENT TIME SHOULD BE SET TO THE EXACT TIME OF THE SAMBA 4 SERVER WITHIN A FEW SECONDS IF POSSIBLE.
Creating users, groups and OUs can now be done from the command line; alternatively, you can install the Windows Remote Administration Tools on a Windows machine to perform these tasks. Download the Windows Remote Administration Tools from the links provided below.
Windows 7
http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960&displaylang=en
Windows XP Administration Tools Pack & Support Tools
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=86b71a4f-4122-44af-be79-3f101e533d95
http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-abd1-981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe
After you create some users, you can also set up roaming profiles if required.
# mkdir /usr/local/samba/var/profiles
# vi /usr/local/samba/etc/smb.conf
Append the following to the file
[profiles]
path = /usr/local/samba/var/profiles
read only = no
Now log in to Windows, start Active Directory Users and Computers, select all the users, right-click, and choose Properties. Under the Profile tab, in the Profile path field, type the path to your share followed by %USERNAME%, as follows:
\\sambaserver.linuxdrops.com\profiles\%USERNAME%
Now log in as one of the users, and you should see that the profile has been synced onto the Samba server.