Difference between revisions of "Howto Add a Samba4 Domain Controller"
(→Wordpress: Finishing out wordpress settings) |
(Adding MediaWiki Settings) |
||
Line 69: | Line 69: | ||
|Security || User Notification || check | |Security || User Notification || check | ||
|} | |} | ||
+ | === MediaWiki === | ||
+ | |||
+ | At the bottom of Mediawikis LocalSettings.php | ||
+ | |||
+ | require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" ); | ||
+ | $wgAuth = new LdapAuthenticationPlugin(); | ||
+ | $wgLDAPDomainNames = array( 'PS1' ); | ||
+ | $wgLDAPServerNames = array( 'PS1' => 'auth.pumpingstationone.org' ); | ||
+ | $wgLDAPSearchSrings = array( 'PS1' => '[email protected]' ); | ||
+ | $wgLDAPEncryptionType = array( 'PS1' => 'clear' ); | ||
+ | $wgLDAPUseLocal = false; | ||
+ | |||
+ | #proxy agent | ||
+ | # TODO this shouldn't use the Administrator account, another service account should suffice. | ||
+ | $wgLDAPProxyAgent = array( 'PS1' => 'CN=Administrator,CN=Users,DC=ad,DC=pumpingstationone,DC=org' ); | ||
+ | $wgLDAPProxyAgentPassword = array( 'PS1' => 'password’); | ||
+ | |||
+ | $wgMinimalPasswordLength = 1; | ||
+ | $wgLDAPBaseDNs = array( 'PS1' => 'CN=Users,DC=AD,DC=pumpingstationone,DC=org' ); | ||
+ | $wgLDAPSearchAttributes = array( 'PS1' => 'sAMAccountName' ); | ||
+ | $wgLDAPRetrivePrefs = array( "PS1" => "true" ); |
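Review bot: `$wgLDAPEncryptionType` is set to 'clear', so every bind to auth.pumpingstationone.org, including the user's password and the proxy agent's, crosses the network unencrypted; the extension also accepts 'tls' and 'ssl', and one of those should be used once the DC has a certificate. The proxy agent binds as CN=Administrator and its password sits in LocalSettings.php, so anyone who can read that file holds the domain admin credential; the TODO already says a separate service account should suffice, and that is worth doing before this goes live. Three lines will not behave as written: `$wgLDAPSearchSrings` and `$wgLDAPRetrivePrefs` are misspelled (SearchStrings, RetrievePrefs), so the extension never reads them, and the `$wgLDAPProxyAgentPassword` line closes its string with a typographic ’ instead of ', which is a PHP parse error.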
Revision as of 05:52, 12 April 2013
DNS Records
- Set an A record for auth.pumpingstationone.org
- Set an NS record for ad.pumpingstationone.org to auth.pumpingstationone.org
Host Setup
echo "auth.pumpingstationone.org" > /etc/hostname
Add "66.228.35.181 auth.ad.arbitrarion.com auth" to the beginning of /etc/hosts.
Samba
There is no stable, working version of Samba 4 shipping with Ubuntu. You have to build it from source for now. As of writing, version 4.0.5 works.
git clone -b v4-0-stable git://git.samba.org/samba.git samba
cd samba
./configure
make
make install
Provisioning
/usr/local/samba/bin/samba-tool domain provision --realm=ad.pumpingstationone.org --domain=PS1 --server-role=dc
Make a note of the admin password. You may need it later.
Kerberos
apt-get install krb5-user
/etc/krb5.conf
[libdefaults]
default_realm = AD.ARBITRARION.COM
dns_lookup_realm = false
dns_lookup_kdc = true
Adding Users
To create the user "hef" and set the user password, use the following command:
/usr/local/samba/bin/samba-tool user add hef
To add the user "hef" to the "Domain Admins" group, use the following command:
/usr/local/samba/bin/samba-tool group addmembers "Domain Admins" hef
Services
Wordpress
- Log in as admin user.
- Install the active-directory-integration plugin.
Under Settings >> Active Directory Integration set the following:
Server | Domain Controllers | auth.pumpingstationone.org
Server | Base DN | cn=Users,dc=ad,dc=pumpingstationone,dc=org
User | Account Suffix | @ad.pumpingstationone.org
User | Automatic User Creation | check
User | Automatic User Update | check
User | Prevent Email Change | check (maybe not, might be an easy way for users to update email address)
Authorization | Role Equivalent Groups | Domain Admins=administrator
Security | User Notification | check
MediaWiki
At the bottom of MediaWiki's LocalSettings.php:
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( 'PS1' );
$wgLDAPServerNames = array( 'PS1' => 'auth.pumpingstationone.org' );
$wgLDAPSearchStrings = array( 'PS1' => '[email protected]' );
# 'clear' sends every bind, passwords included, unencrypted; the extension also accepts 'tls' and 'ssl'.
$wgLDAPEncryptionType = array( 'PS1' => 'clear' );
$wgLDAPUseLocal = false;

#proxy agent
# TODO this shouldn't use the Administrator account, another service account should suffice.
$wgLDAPProxyAgent = array( 'PS1' => 'CN=Administrator,CN=Users,DC=ad,DC=pumpingstationone,DC=org' );
$wgLDAPProxyAgentPassword = array( 'PS1' => 'password' );

$wgMinimalPasswordLength = 1;
$wgLDAPBaseDNs = array( 'PS1' => 'CN=Users,DC=AD,DC=pumpingstationone,DC=org' );
$wgLDAPSearchAttributes = array( 'PS1' => 'sAMAccountName' );
$wgLDAPRetrievePrefs = array( "PS1" => "true" );
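An added example, not part of the original page or of the LdapAuthentication extension: a small Python check for the LDAP block of a LocalSettings.php. It covers the cleartext encryption type, the Administrator proxy agent named in the TODO, and option names that are near misses of the ones this page uses (a misspelled name is assigned but never read). The sample reproduces lines from this revision as first saved, typos included; the function name audit and the KNOWN list are assumptions of this example.

```python
import difflib
import re

# Option names taken from this page, in corrected spelling. Not the
# extension's full option list; extend it for a real LocalSettings.php.
KNOWN = [
    "wgLDAPDomainNames", "wgLDAPServerNames", "wgLDAPSearchStrings",
    "wgLDAPEncryptionType", "wgLDAPUseLocal", "wgLDAPProxyAgent",
    "wgLDAPProxyAgentPassword", "wgLDAPBaseDNs", "wgLDAPSearchAttributes",
    "wgLDAPRetrievePrefs",
]
# One "$wgName = value;" assignment per line, as in the settings above.
ASSIGN = re.compile(r"^[ \t]*\$(wg\w+)[ \t]*=[ \t]*(.+?);[ \t]*$", re.M)

# Sample input: lines from this revision's diff, typos included.
SAMPLE = """\
$wgLDAPServerNames = array( 'PS1' => 'auth.pumpingstationone.org' );
$wgLDAPSearchSrings = array( 'PS1' => '[email protected]' );
$wgLDAPEncryptionType = array( 'PS1' => 'clear' );
# TODO this shouldn't use the Administrator account
$wgLDAPProxyAgent = array( 'PS1' => 'CN=Administrator,CN=Users,DC=ad,DC=pumpingstationone,DC=org' );
$wgLDAPRetrivePrefs = array( "PS1" => "true" );
"""


def audit(php_source):
    """Return sorted (option, finding) pairs for settings worth a second look."""
    findings = []
    for name, value in ASSIGN.findall(php_source):
        if name.startswith("wgLDAP") and name not in KNOWN:
            # A near miss of a known name is set but never read by the extension.
            near = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.9)
            if near:
                findings.append((name, "probable misspelling of $" + near[0]))
        elif name == "wgLDAPEncryptionType" and re.search(r"['\"]clear['\"]", value):
            findings.append((name, "LDAP traffic, passwords included, is unencrypted"))
        elif name == "wgLDAPProxyAgent" and re.search(r"CN=Administrator,", value, re.I):
            findings.append((name, "proxy agent binds as the domain Administrator"))
    return sorted(findings)


if __name__ == "__main__":
    for option, finding in audit(SAMPLE):
        print(f"${option}: {finding}")
```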