Anonymous

Changes

From Pumping Station One
no edit summary
Line 1: Line 1: −
== DNS Records ==
+
{{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }}
   −
* Set an A record for auth.pumpingstationone.org
+
== Setup ==
* Set a NS record for ad.pumpingstationone.org to auth.pumpingstationone.org
     −
== Host Setup ==
+
* Follow the Arch provision guide
 +
* Add role: dc to the salt minion config.
   −
echo "auth.pumpingstationone.org" > /etc/hostname
  −
add 66.228.35.181 auth.ad.arbitrarion.com auth to beginning of /etc/hosts
     −
== Samba ==
+
Create a file called /etc/salt/minion.d/dc.conf
 +
<pre>
 +
grains:
 +
  roles:
 +
    - dc
 +
</pre>
   −
  git clone -b v4-0-stable git://git.samba.org/samba.git samba
+
== Joining As a Domain Controller ==
  ./configure
  −
  make
  −
  make install
     −
=== Provisioning ===
+
    samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef
    +
=== Checking and Fixing DNS ===
   −
  /usr/local/samba/bin/samba-tool domain provision --realm=ad.pumpingstationone.org --domain=PS1 --server-role=dc
+
DNS doesn't always register correctly.
   −
Make a note of the admin password.  You may need it later.
+
check it:
   −
=== Kerberos ===
+
    host -t dc01.ad.pumpingstationone.org.
   −
  apt-get install kerberos
+
If nothing comes back, re add it by hand.
   −
/etc/krb5.conf
+
    samba-tool dns add bob ad.pumpingstationone.org dc01 A 10.100.0.112
  [libdefaults]
  −
      default_realm = AD.ARBITRARION.COM
  −
      dns_lookup_realm = false
  −
      dns_lookup_kdc = true
     −
=== Adding Users ===
+
At this point you need the guid for the new server. The [https://wiki.samba.org/index.php/Join_a_domain_as_a_DC Samba Guide] References the ldbsearch commmand. I couldn't get it to work, so I grabbed the objectGuid field from CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in ldap.
   −
  /usr/local/samba/bin/samba-tool user add hef
+
    host -t CNAME af4c9efd-56f6-4160-8335-cf8e5a5ada8f._msdcs.ad.pumpingstationone.org
   −
The user add command will prompt for a password, and must meet complexity requirements.
+
If it's missing add it:
   −
  /usr/local/samba/bin/samba-tool group addmembers "Domain Admins" hef
+
    samba-tool dns add bob _msdcs.ad.pumpingstationone.org af4c9efd-56f6-4160-8335-cf8e5a5ada8f CNAME dc01.ad.pumpingstationone.org
 +
 
 +
== Joining As a Domain Member ==
 +
 
 +
    net ads join -U hef
 +
 
 +
The samba-tool domain join command does not get winbindd working correctly. The <code>net</code> command is required.
 +
 
 +
 
 +
== Adding Users ==
 +
 
 +
Regular users need to get there account through https://members.pumpingstationone.org.
 +
 
 +
service and test accounts can be created with the following procedire
 +
 
 +
 
 +
To create the user "hef" and set the user password, use the following command:
 +
  samba-tool user add hef
 +
 
 +
 
 +
To add the user "hef" to the "Domain Admins" group, use the following command:
 +
  samba-tool group addmembers "Domain Admins" hef
 +
 
 +
[[Category:IT Equipment]]
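
Review bot: In the added "Checking and Fixing DNS" section, "host -t dc01.ad.pumpingstationone.org." has no record type after -t, so the hostname is taken as the type argument and the check cannot return the A record; it should read "host -t A dc01.ad.pumpingstationone.org." to match the "samba-tool dns add ... A 10.100.0.112" fix-up that follows it. The two CNAME lines hard-code the GUID af4c9efd-56f6-4160-8335-cf8e5a5ada8f, which the text says was read from one server's NTDS Settings object; mark it as an example value and tell the reader to substitute the objectGuid they looked up for their own DC. Both "samba-tool dns add bob ..." lines pass bob as the server argument without saying which host that is, while the rest of the page refers only to dc01 and auth. Under the new "Adding Users" heading, the only worked example for service and test accounts ends by adding the account to the Domain Admins group; state that this step applies to administrator accounts only, so that service and test accounts are not given domain-wide rights by following the page as written.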