SAMBA 4 ACTIVE-DIRECTORY CONFIGURATION

Note: Disable SELinux and the firewall before you start, and remove any old version of Samba if one is installed.

Here are the steps (CentOS 6 or higher).

Configure DNS first
Note: DNS should be working properly before you continue.
# yum install bind*
# vi /etc/named.conf
Below the line "recursion yes;" add a forwarders line with your DNS server IPs, if you have any. Otherwise create the forward and reverse zones (fzone and rzone) and the rest of the DNS configuration:
forwarders { 172.20.1.9; 8.8.8.8; };
In the allow-query line, change localhost to any:
allow-query { localhost; };
Save the file and exit.
# service named restart
# vi /etc/resolv.conf
Append:
nameserver {your ip address}

Save and exit.

# service named restart
# host -t A domain.sarien.com.

# nslookup domain.sarien.com

It should show your IP address.
Note: create an acl line if required.
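
The options as edited above leave recursion on with allow-query set to any, and BIND uses allow-query as its recursion ACL unless allow-recursion or allow-query-cache is set, which is where the acl line comes in. The script below is an added example (not from the original post) that checks a named.conf for that combination; the sample files and the 172.20.1.0/24 range are constructed.

```shell
# Added example: flags a named.conf that recurses for any client.
# Handles //, # and one-line /* */ comments and un-nested { } bodies only.
named_flatten() {   # print FILE as one comment-free line
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' "$1" |
        tr '\n\t' '  ' | tr -s ' '
}

# Return 0 when recursion is on and the effective recursion ACL is "any".
named_open_resolver() {
    conf=" $(named_flatten "$1")"
    rec=$(printf '%s\n' "$conf" | sed -n 's/.*[ ;{]recursion  *\([a-z]*\) *;.*/\1/p')
    [ "${rec:-yes}" = "no" ] && return 1     # BIND's default is "yes"
    # BIND resolves the ACL as allow-recursion, then allow-query-cache,
    # then allow-query; the first one present decides.
    for stmt in allow-recursion allow-query-cache allow-query; do
        acl=$(printf '%s\n' "$conf" |
            sed -n "s/.*[ ;{]$stmt *{\([^}]*\)}.*/\1/p")
        [ -n "$acl" ] || continue
        case " $acl" in
            *" any;"*|*";any;"*) return 0 ;;
            *) return 1 ;;
        esac
    done
    return 1    # none set: BIND falls back to localnets and localhost
}

# Constructed samples: the options as edited in this guide, and the same
# options with an ACL (172.20.1.0/24 is an assumed LAN range).
tmp=$(mktemp -d)
cat > "$tmp/as_written.conf" <<'EOF'
options {
    recursion yes;
    forwarders { 172.20.1.9; 8.8.8.8; };
    allow-query { any; };
};
EOF
cat > "$tmp/with_acl.conf" <<'EOF'
acl trusted { localhost; 172.20.1.0/24; };  // constructed
options {
    recursion yes;
    forwarders { 172.20.1.9; 8.8.8.8; };
    allow-query { any; };
    allow-recursion { trusted; };
};
EOF
for f in "$tmp/as_written.conf" "$tmp/with_acl.conf"; do
    if named_open_resolver "$f"; then echo "OPEN        $f"
    else echo "RESTRICTED  $f"; fi
done
```

Point named_open_resolver at a copy of /etc/named.conf after editing it; an exit status of 0 means recursion is open to any client.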
# yum remove samba*


# yum install libacl-devel e2fsprogs-devel gnutls-devel readline-devel python-devel gdb gcc gcc-c++ cups-devel pam-devel ctdb-devel openldap-devel libsmbclient libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python popt-devel libpcap-devel sqlite-devel libidn-devel libsemanage-python setools-libs-python setools-libs libxml2-devel libacl-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel

1) Install the packages needed to build Python 2.7 first
# yum groupinstall "Development tools"
# yum install zlib-devel
# yum install bzip2-devel
# yum install openssl-devel
# yum install ncurses-devel
# yum install readline-devel

2) Download the Python source code. (You can also use the latest 3.xx version.)
# wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tar.bz2
# tar xvf Python-2.7.3.tar.bz2
# cd Python-2.7.3
# ./configure --prefix=/usr/local --with-threads --enable-shared
# make && make install
         Note: you can use make altinstall instead if you want two Pythons (a big and a small, lol), meaning Python 2.4 and Python 2.7.

# ln -s /usr/local/lib/libpython2.7.so.1.0 /usr/lib

         If you can't find it, search for it.

3) Check that the Python version is correct.
# python -V

       Python 2.7.3 (default, Jan  23 2013, 16:43:58)
       [GCC 4.1.2 20080704 (Red Hat 4.1.2-46)] on linux2
       Type "help", "copyright", "credits" or "license" for more information.
       >>>

4) Optional (run this before testing with step 3)
# wget http://pypi.python.org/packages/source/d/distribute/distribute-0.6.27.tar.gz

# tar xvf distribute-0.6.27.tar.gz
# cd distribute-0.6.27
# python2.7 setup.py install
# easy_install-2.7 virtualenv

5) Finally, check using yum
# yum search elinks


Then refer to the Samba howto for details
# git clean -x -f -d
# rm -rf /usr/local/samba


To update Python
# export PATH=/PATH/TO/PYTHON2.7/BIN:$PATH
# python -V


# yum install git

# git clone -b v4-0-stable git://git.samba.org/samba.git samba-v4-0-stable

# cd samba-v4-0-stable
# ./configure --enable-debug --enable-selftest
# make
If everything reports okay, you can then install Samba:
# make install

------Samba restart stop start script----

#vi /etc/init.d/samba4

#!/bin/bash
#
# samba4 Bring up/down samba4 service
#
# chkconfig: - 90 10
# description: Activates/Deactivates all samba4 interfaces
# configured to start at boot time.
#
### BEGIN INIT INFO
# Provides:
# Should-Start:
# Short-Description: Bring up/down samba4
# Description: Bring up/down samba4
### END INIT INFO
# Source function library.
. /etc/init.d/functions

# Optional local overrides.
if [ -f /etc/sysconfig/samba4 ]; then
    . /etc/sysconfig/samba4
fi

CWD=$(pwd)
prog="samba4"
pidfile=/usr/local/samba/var/run/smbd.pid

start() {
    # Start service, then confirm the samba process is running.
    echo -n $"Starting $prog: "
    /usr/local/samba/sbin/samba
    sleep 2
    if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then success $"samba4 startup"; else failure $"samba4 startup"; fi
    echo
}
stop() {
    # Stop service, then confirm the samba process is gone.
    echo -n $"Shutting down $prog: "
    killall samba
    sleep 2
    if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then failure $"samba4 shutdown"; else success $"samba4 shutdown"; fi
    echo
}
status() {
    # Report the PID and build details when the pid file exists.
    if [ -e "$pidfile" ]
    then
        echo -n " Process running ..."
        cat "$pidfile"
        sleep 1
        /usr/local/samba/sbin/samba --show-build
    else
        echo " Process not running..."
    fi
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit 0

:wq!


# chmod 755 /etc/init.d/samba4
# chown root:root /etc/init.d/samba4
# chkconfig --add samba4


Creating Domain

# /usr/local/samba/bin/samba-tool domain provision
The 'domain provision' tool should pick defaults for you automatically. Change to your configurations if necessary:
Realm [SARIEN.COM]: (press Enter)
Domain [SARIEN]: (press Enter)
Server Role (dc, member, standalone) [dc]: (press Enter)
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: (press Enter)
DNS forwarder IP address (write 'none' to disable forwarding) [your dns ip address]:
Administrator password:
Retype password:
If the above was successful, the output should look similar to this:
Creating CN=MicrosoftDNS,CN=System,DC=SARIEN,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba
NetBIOS Domain: SARIEN
DNS Domain: SARIEN.com
DOMAIN SID: S-1-5-xx-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx

Note: if the above process fails, delete the file /usr/local/samba/etc/smb.conf and rerun the command /usr/local/samba/bin/samba-tool domain provision

# /etc/init.d/samba4 start
Or
# service samba4 start

REBOOT THE SYSTEM


----To check----

# /usr/local/samba/sbin/samba -V
Version 4.0.5
# /usr/local/samba/bin/smbclient --version
Version 4.0.5
# /usr/local/samba/bin/smbclient -L localhost -U%
Output-----

Domain=[SARIEN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-c1fb37d]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.1.0pre1-GIT-c1fb37d)
Domain=[SARIEN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-c1fb37d]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

Note: if you do not get the above output and it shows an error instead, restart samba4.


# cat /usr/local/samba/etc/smb.conf

Output-----
# Global parameters
[global]
workgroup = SARIEN
realm = SARIEN.COM
netbios name = SAMBA
server role = active directory domain controller
dns forwarder = {your ip address}

[netlogon]
path = /usr/local/samba/var/locks/sysvol/SARIEN.com/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No


Configure Kerberos
In CentOS 6.3 or 6.4, Kerberos is configured through the '/etc/krb5.conf' file. Make a backup copy of the original file, and then replace the existing file, if any, with the sample from /usr/local/samba/share/setup/krb5.conf.
# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf

Edit the file and replace ${REALM} with the value you chose for the '--realm' parameter of the provision command earlier. Make sure to enter the realm in uppercase letters. It should look something like this:
# vi /etc/krb5.conf
[libdefaults]
default_realm = SARIEN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
:wq!

Testing Kerberos
The simplest test is to use the 'kinit' command as follows:
# kinit administrator@SARIEN.COM
Password for administrator@SARIEN.COM:
Warning: Your password will expire in 41 days on Sun Feb 3 14:21:51 2013
NOTE: You must specify your domain realm SARIEN.COM in uppercase letters!!

If you get the following error:
kinit: Cannot resolve servers for KDC in realm
check that the nameserver entry in the resolv.conf file is correct.

'kinit' will not give you any output. To verify that Kerberos is working, and that you received a ticket, run the following:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SARIEN.COM

Valid starting     Expires            Service principal
12/23/12 15:39:28  12/24/12 01:39:28  krbtgt/SARIEN.COM@SARIEN.COM
        renew until 12/24/12 15:39:19
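
The uppercase-realm note, the ${REALM} replacement and the "Cannot resolve servers for KDC" error above all come down to two files, so they can be checked before running kinit. The script below is an added example, not part of the original post; the function names, the sample files and the address 192.0.2.10 (standing in for the domain controller) are assumptions.

```shell
# Added example: offline checks on copies of krb5.conf and resolv.conf.
krb5_libdefault() {   # print KEY's value from [libdefaults] in FILE
    awk -v key="$2" '
        /^[ \t]*\[/ { insec = ($0 ~ /\[libdefaults\]/); next }
        insec && $0 !~ /^[ \t]*[#;]/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/^[ \t]+|[ \t]+$/, "", kv[2])
            if (kv[1] == key) { print kv[2]; exit }
        }' "$1"
}

# Print one line per problem; return 0 only when nothing was found.
krb5_preflight() {   # usage: krb5_preflight KRB5_CONF RESOLV_CONF DC_IP
    bad=0
    realm=$(krb5_libdefault "$1" default_realm)
    case "$realm" in
        "")             echo "default_realm is missing"; bad=1 ;;
        *'${'*)         echo "default_realm still holds \${REALM}"; bad=1 ;;
        *[[:lower:]]*)  echo "default_realm '$realm' is not uppercase"; bad=1 ;;
    esac
    [ "$(krb5_libdefault "$1" dns_lookup_kdc)" = "true" ] ||
        { echo "dns_lookup_kdc is not true"; bad=1; }
    # An NXDOMAIN from the first nameserver is final, so the DC must come first.
    ns=$(awk '$1 == "nameserver" { print $2; exit }' "$2")
    [ "$ns" = "$3" ] ||
        { echo "first nameserver is '${ns:-none}', not the DC ($3)"; bad=1; }
    return $bad
}

# Constructed inputs; 192.0.2.10 stands in for the DC's address.
kdir=$(mktemp -d)
cat > "$kdir/krb5.good" <<'EOF'
[libdefaults]
default_realm = SARIEN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
EOF
printf '[libdefaults]\n default_realm = sarien.com\n dns_lookup_kdc = true\n' > "$kdir/krb5.lower"
printf 'nameserver 192.0.2.10\n' > "$kdir/resolv.good"
printf 'nameserver 8.8.8.8\nnameserver 192.0.2.10\n' > "$kdir/resolv.wrong"

krb5_preflight "$kdir/krb5.good"  "$kdir/resolv.good"  192.0.2.10 && echo "all checks passed"
krb5_preflight "$kdir/krb5.lower" "$kdir/resolv.wrong" 192.0.2.10 || echo "fix the lines above"
```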



NTP (Network Time Protocol)
Make sure that 'ntpd' is running and installed. If 'ntpd' is not installed you can install it with YUM:
# yum install ntp
Enable ntpd:
# /etc/init.d/ntpd start
Also, use the 'chkconfig' command to have ntpd run at boot:
# chkconfig ntpd on
NOTE: CORRECT TIME IS IMPORTANT FOR KERBEROS TO FUNCTION CORRECTLY. MAKE SURE NTPD IS RUNNING ON THE SAMBA SERVER AND THAT YOU SET THE WINDOWS CLIENT TO THE MOST ACCURATE TIME POSSIBLE! THE WINDOWS CLIENT TIME SHOULD BE SET TO THE EXACT TIME OF THE SAMBA 4 SERVER WITHIN A FEW SECONDS IF POSSIBLE.

Users, groups and OUs can now be created from the command line; however, you can also install the Windows Remote Administration Tools on a Windows machine to perform these activities. Download the Windows Remote Administration Tools from the links provided below.


Windows 7

http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en

Windows Vista

http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960&displaylang=en (Vista)

Windows XP Administration Tools Pack & Support Tools

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=86b71a4f-4122-44af-be79-3f101e533d95

http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-abd1-981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe



After you create some users, you can also set up roaming profiles if required.




# mkdir /usr/local/samba/var/profiles
# vi /usr/local/samba/etc/smb.conf

Append the following to the file

[profiles]
path = /usr/local/samba/var/profiles
read only = no

Now log in to Windows, start Active Directory Users and Computers, select all the users, right-click, and choose Properties. Under the Profile tab, in the Profile path field, type the path to your share along with %USERNAME% as follows:

\\sambaserver.linuxdrops.com\profiles\%USERNAME%

Now log in with one of the users, and you should see that the profile has been synced onto the Samba server.




