Difference between revisions of "Howto Add a Samba4 Domain Controller"
(noting pam dependency) |
|||
(16 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | == | + | {{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }} |
− | + | == Setup == | |
− | |||
− | + | * Follow the Arch provision guide | |
+ | * Add role: dc to the salt minion config. | ||
− | |||
− | + | Create a file called /etc/salt/minion.d/dc.conf | |
+ | <pre> | ||
+ | grains: | ||
+ | roles: | ||
+ | - dc | ||
+ | </pre> | ||
− | == | + | == Joining As a Domain Controller == |
− | + | samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef | |
− | === | + | === Checking and Fixing DNS === |
− | |||
− | |||
− | + | DNS doesn't always register correctly. | |
− | |||
− | |||
− | |||
− | + | check it: | |
− | |||
− | + | host -t dc01.ad.pumpingstationone.org. | |
− | |||
− | |||
− | |||
− | + | If nothing comes back, re add it by hand. | |
+ | samba-tool dns add bob ad.pumpingstationone.org dc01 A 10.100.0.112 | ||
− | + | At this point you need the guid for the new server. The [https://wiki.samba.org/index.php/Join_a_domain_as_a_DC Samba Guide] References the ldbsearch commmand. I couldn't get it to work, so I grabbed the objectGuid field from CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in ldap. | |
− | + | host -t CNAME af4c9efd-56f6-4160-8335-cf8e5a5ada8f._msdcs.ad.pumpingstationone.org | |
− | + | If it's missing add it: | |
− | + | samba-tool dns add bob _msdcs.ad.pumpingstationone.org af4c9efd-56f6-4160-8335-cf8e5a5ada8f CNAME dc01.ad.pumpingstationone.org | |
− | + | == Joining As a Domain Member == | |
− | |||
− | |||
− | |||
− | |||
− | + | net ads join -U hef | |
− | + | The samba-tool domain join command does not get winbindd working correctly. The <code>net</code> command is required. | |
− | |||
− | + | == Adding Users == | |
− | |||
− | + | Regular users need to get there account through https://members.pumpingstationone.org. | |
− | + | service and test accounts can be created with the following procedire | |
− | |||
− | |||
+ | To create the user "hef" and set the user password, use the following command: | ||
+ | samba-tool user add hef | ||
− | |||
− | |||
− | + | To add the user "hef" to the "Domain Admins" group, use the following command: | |
− | + | samba-tool group addmembers "Domain Admins" hef | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Category:IT Equipment]] | [[Category:IT Equipment]] |
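Review bot: in the "Checking and Fixing DNS" section, `host -t dc01.ad.pumpingstationone.org.` hands `-t` a hostname where it expects a record type, so the check cannot return the address record. It should read `host -t A dc01.ad.pumpingstationone.org.`, matching the `A` record that the next command adds. Separately, "Adding Users" introduces a procedure for service and test accounts and then shows adding the account to "Domain Admins" with no condition attached; a sentence limiting that step to accounts that actually administer the domain would keep service accounts out of the most privileged group by default.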
Latest revision as of 14:02, 1 November 2018
This information is out of date. Up-to-date IT information can be found here
Setup
- Follow the Arch provision guide
- Add role: dc to the salt minion config.
Create a file called /etc/salt/minion.d/dc.conf
grains:
  roles:
    - dc
Joining As a Domain Controller
samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef
Checking and Fixing DNS
DNS doesn't always register correctly.
Check it:
host -t A dc01.ad.pumpingstationone.org.
If nothing comes back, re-add it by hand.
samba-tool dns add bob ad.pumpingstationone.org dc01 A 10.100.0.112
At this point you need the GUID for the new server. The Samba Guide (https://wiki.samba.org/index.php/Join_a_domain_as_a_DC) references the ldbsearch command. I couldn't get it to work, so I grabbed the objectGuid field from CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in LDAP.
host -t CNAME af4c9efd-56f6-4160-8335-cf8e5a5ada8f._msdcs.ad.pumpingstationone.org
If it's missing add it:
samba-tool dns add bob _msdcs.ad.pumpingstationone.org af4c9efd-56f6-4160-8335-cf8e5a5ada8f CNAME dc01.ad.pumpingstationone.org
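Reading objectGUID with a generic LDAP client is easy to get wrong: such clients print the attribute as base64 of 16 bytes in Microsoft's mixed-endian layout, not the dashed form the _msdcs CNAME needs. The Python below is an added example, not part of the original wiki page; the LDIF sample is constructed from the page's GUID and the function names are hypothetical.

```python
import base64
import re
import uuid

# Constructed sample: the NTDS Settings entry as a generic LDAP client prints
# it. The base64 value encodes the GUID quoted on this page.
SAMPLE_LDIF = """\
dn: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org
objectGUID:: /Z5Mr/ZWYEGDNc+OWlrajw==
"""

_ATTR = re.compile(r"^objectGUID(::?)\s*(\S+)\s*$", re.IGNORECASE | re.MULTILINE)


def guid_from_ldif(ldif: str) -> str:
    """Return the objectGUID in the dashed form used for the _msdcs CNAME."""
    m = _ATTR.search(ldif)
    if m is None:
        raise ValueError("no objectGUID attribute in LDIF")
    sep, value = m.groups()
    if sep == ":":  # single colon: value is already text, just normalise it
        return str(uuid.UUID(value))
    raw = base64.b64decode(value, validate=True)
    if len(raw) != 16:
        raise ValueError("objectGUID must be 16 bytes, got %d" % len(raw))
    # The first three GUID fields are stored little-endian; bytes_le undoes that.
    return str(uuid.UUID(bytes_le=raw))


def naive_guid(ldif: str) -> str:
    """The common mistake: reading the 16 bytes as a big-endian UUID."""
    raw = base64.b64decode(_ATTR.search(ldif).group(2))
    return str(uuid.UUID(bytes=raw))


def dns_commands(guid: str, dc_fqdn: str, domain: str, server: str) -> list:
    """Build the check and repair commands in the form this page uses."""
    zone = "_msdcs." + domain
    return [
        "host -t CNAME %s.%s" % (guid, zone),
        "samba-tool dns add %s %s %s CNAME %s" % (server, zone, guid, dc_fqdn),
    ]


if __name__ == "__main__":
    guid = guid_from_ldif(SAMPLE_LDIF)
    print(guid, "(byte-order mistake would give", naive_guid(SAMPLE_LDIF) + ")")
    print("\n".join(dns_commands(guid, "dc01.ad.pumpingstationone.org", "ad.pumpingstationone.org", "bob")))
```

A CNAME registered under the wrongly ordered GUID resolves in a spot check but is never the name the other DCs look up for replication, so compare against the converted value before adding the record.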
Joining As a Domain Member
net ads join -U hef
The samba-tool domain join command does not get winbindd working correctly. The net command is required.
Adding Users
Regular users need to get their account through https://members.pumpingstationone.org.
Service and test accounts can be created with the following procedure:
To create the user "hef" and set the user password, use the following command:
samba-tool user add hef
To add the user "hef" to the "Domain Admins" group, use the following command:
samba-tool group addmembers "Domain Admins" hef