Line 1: |
Line 1: |
− | == DNS Records == | + | {{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }} |
| | | |
− | set a A record for auth.pumpingstationone.org
| + | == Setup == |
− | set a NS record for ad.pumpingstationone.org to auth.pumpingstationone.org
| |
| | | |
− | == Host Setup ==
| + | * Follow the Arch provision guide |
| + | * Add role: dc to the salt minion config. |
| | | |
− | echo "auth.pumpingstationone.org" > /etc/hostname
| |
− | add 66.228.35.181 auth.ad.arbitrarion.com auth to beginning of /etc/hosts
| |
| | | |
− | == Samba ==
| + | Create a file called /etc/salt/minion.d/dc.conf |
| + | <pre> |
| + | grains: |
| + | roles: |
| + | - dc |
| + | </pre> |
| | | |
− | git clone -b v4-0-stable git://git.samba.org/samba.git samba
| + | == Joining As a Domain Controller == |
− | ./configure
| |
− | make
| |
− | make install
| |
| | | |
− | === Provisioning ===
| + | samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef |
| | | |
| + | === Checking and Fixing DNS === |
| | | |
− | /usr/local/samba/bin/samba-tool domain provision --realm=ad.pumpingstationone.org --domain=PS1 --server-role=dc
| + | DNS doesn't always register correctly. |
| | | |
− | Make a note of the admin password. You may need it later.
| + | check it: |
| | | |
− | === Kerberos ===
| + | host -t dc01.ad.pumpingstationone.org. |
| | | |
− | apt-get install kerberos
| + | If nothing comes back, re add it by hand. |
| | | |
− | /etc/krb5.conf
| + | samba-tool dns add bob ad.pumpingstationone.org dc01 A 10.100.0.112 |
− | [libdefaults]
| |
− | default_realm = AD.ARBITRARION.COM
| |
− | dns_lookup_realm = false
| |
− | dns_lookup_kdc = true
| |
| | | |
− | === Adding Users === | + | At this point you need the guid for the new server. The [https://wiki.samba.org/index.php/Join_a_domain_as_a_DC Samba Guide] References the ldbsearch commmand. I couldn't get it to work, so I grabbed the objectGuid field from CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in ldap. |
| | | |
− | /usr/local/samba/bin/samba-tool user add hef
| + | host -t CNAME af4c9efd-56f6-4160-8335-cf8e5a5ada8f._msdcs.ad.pumpingstationone.org |
| | | |
− | The user add command will prompt for a password, and must meet complexity requirements.
| + | If it's missing add it: |
| | | |
− | /usr/local/samba/bin/samba-tool group addmembers "Domain Admins" hef
| + | samba-tool dns add bob _msdcs.ad.pumpingstationone.org af4c9efd-56f6-4160-8335-cf8e5a5ada8f CNAME dc01.ad.pumpingstationone.org |
| + | |
| + | == Joining As a Domain Member == |
| + | |
| + | net ads join -U hef |
| + | |
| + | The samba-tool domain join command does not get winbindd working correctly. The <code>net</code> command is required. |
| + | |
| + | |
| + | == Adding Users == |
| + | |
| + | Regular users need to get there account through https://members.pumpingstationone.org. |
| + | |
| + | service and test accounts can be created with the following procedire |
| + | |
| + | |
| + | To create the user "hef" and set the user password, use the following command: |
| + | samba-tool user add hef |
| + | |
| + | |
| + | To add the user "hef" to the "Domain Admins" group, use the following command: |
| + | samba-tool group addmembers "Domain Admins" hef |
| + | |
| + | [[Category:IT Equipment]] |
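Review bot: the DNS check `host -t dc01.ad.pumpingstationone.org.` under "Checking and Fixing DNS" is missing the record type that `-t` takes, so `host` consumes the name as the type and the check fails even when the record exists; it should read `host -t A dc01.ad.pumpingstationone.org.` (the later `host -t CNAME ...` line has the right shape). In the two `samba-tool dns add bob ...` lines, `bob` is the DNS server the update is sent to, but the page never says which host that is; name the existing DC (or state that `bob` is a placeholder for it), and make clear that the GUID and the 10.100.0.112 address are specific to dc01 and must be looked up afresh for each new DC rather than copied. The member join section gives only `net ads join -U hef` with no mention of the smb.conf settings (realm, workgroup, security mode) the join depends on; document them or link to where they are set. The rewrite also drops the old note that the password given to `samba-tool user add` must meet complexity requirements; that is still true and belongs next to the new `samba-tool user add hef` line, and since adding a service or test account to "Domain Admins" gives it domain-wide administrative rights, the page should say that step is only for accounts that actually need it. Typos in the new text: "commmand" (command), "there account" (their account), "procedire" (procedure), and the "service and test accounts ..." sentence lacks a capital letter and a full stop.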