Changes

Line 1: Line 1: −
== DNS Records ==
     −
* Set an A record for auth.pumpingstationone.org
+
== Setup ==
* Set a NS record for ad.pumpingstationone.org to auth.pumpingstationone.org
     −
== Install packages ==
+
*  Follow the Arch provision guide
 +
*  Add role: dc to the salt minion config.
   −
    sudo apt-get install libpam0g-dev
+
== Joining ==
   −
== Host Setup ==
+
  samba-tool domain join AD.PUMPINGSTATIONONE.ORG -U hef
   −
=== hostname ===
+
== Adding Users ==
 
  −
  echo "auth.pumpingstationone.org" > /etc/hostname
  −
 
  −
=== hosts file ===
  −
in /etc/hosts
  −
  1.2.3.4 auth.ad.pumpingstationone.org auth
  −
 
  −
=== fstab ===
  −
add “acl,user_xattr” to the / drive in /etc/fstab
  −
e.g.
  −
  /dev/xvda  /            ext3    acl,user_xattr,noatime,errors=remount-ro      0
  −
 
  −
== Samba ==
  −
There is no stable, working version of Samba 4 shipping with ubuntu. You have to download it from source for now. As of writing, version 4.0.5 works
  −
 
  −
  git clone -b v4-0-stable git://git.samba.org/samba.git samba
  −
  ./configure
  −
  make
  −
  make install
  −
 
  −
=== Provisioning ===
  −
 
  −
 
  −
  /usr/local/samba/bin/samba-tool domain provision --realm=ad.pumpingstationone.org --domain=PS1 --server-role=dc --use-rfc2307
  −
 
  −
Make a note of the admin password. You may need it later.
  −
 
  −
=== Kerberos ===
  −
 
  −
  apt-get install kerberos
  −
 
  −
/etc/krb5.conf
  −
  [libdefaults]
  −
      default_realm = AD.ARBITRARION.COM
  −
      dns_lookup_realm = false
  −
      dns_lookup_kdc = true
  −
 
  −
=== Adding Users ===
      
To create the user "hef" and set the user password, use the following command:
 
To create the user "hef" and set the user password, use the following command:
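Review bot: the new Joining line, "samba-tool domain join AD.PUMPINGSTATIONONE.ORG -U hef", names no role after the realm, although the Setup step sets "role: dc" for this host. Spell the role out (DC) in the command so the documented join cannot be read, or run, as a plain member join. The same hunk replaces the DNS, hosts, fstab and provisioning steps with "Follow the Arch provision guide" without a link; link that guide and state whether the A record for auth.pumpingstationone.org and the NS record for ad.pumpingstationone.org are still required.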
Line 56: Line 17:  
To add the user "hef" to the "Domain Admins" group, use the following command:
 
To add the user "hef" to the "Domain Admins" group, use the following command:
 
   /usr/local/samba/bin/samba-tool group addmembers "Domain Admins" hef
 
   /usr/local/samba/bin/samba-tool group addmembers "Domain Admins" hef
  −
== Services ==
  −
  −
=== Wordpress ===
  −
  −
# Log in as admin user.
  −
# Install the active-directory-integration plugin.
  −
  −
  −
==== ADI Settings ====
  −
Under Settings >> Active Directory Integration set the following:
  −
  −
{| class="wikitable"
  −
|Server || Domain Controllers || auth.pumpingstationonei.org
  −
|-
  −
| || Base DN ||cn=Users,dc=ad,dc=pumpingstationone,dc=org
  −
|-
  −
|User || Account Suffix || @ad.pumpingstationone.org
  −
|-
  −
| || Automatic User Creation || check
  −
|-
  −
| || Automatic User Update || check
  −
|-
  −
| || Prevent Email Change || check (maybe not, might be an easy way for users to update email address)
  −
|-
  −
|Authorization || Role Equivalent Groups || Domain Admins=administrator
  −
|-
  −
|Security || User Notification || check
  −
|}
  −
  −
=== MediaWiki ===
  −
  −
At the bottom of Mediawikis LocalSettings.php
  −
  −
  require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
  −
  $wgAuth = new LdapAuthenticationPlugin();
  −
  $wgLDAPDomainNames = array( 'PS1' );
  −
  $wgLDAPServerNames = array( 'PS1' => 'auth.pumpingstationone.org' );
  −
  $wgLDAPSearchSrings = array( 'PS1' => '[email protected]' );
  −
  $wgLDAPEncryptionType = array( 'PS1' => 'clear' );
  −
  $wgLDAPUseLocal = false;
  −
 
  −
  #proxy agent
  −
  # TODO this shouldn't use the Administrator account, another service account should suffice.
  −
  $wgLDAPProxyAgent = array( 'PS1' => 'CN=Administrator,CN=Users,DC=ad,DC=pumpingstationone,DC=org' );
  −
  $wgLDAPProxyAgentPassword = array( 'PS1' => 'password’);
  −
 
  −
  $wgMinimalPasswordLength = 1;
  −
  $wgLDAPBaseDNs = array( 'PS1' => 'CN=Users,DC=AD,DC=pumpingstationone,DC=org' );
  −
  $wgLDAPSearchAttributes = array( 'PS1' => 'sAMAccountName' );
  −
  $wgLDAPRetrivePrefs = array( "PS1" => "true" );
      
[[Category:IT Equipment]]
 
[[Category:IT Equipment]]
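Review bot: the removed MediaWiki block under "== Services ==" held the open item "TODO this shouldn't use the Administrator account", next to a proxy agent bound as CN=Administrator, $wgLDAPEncryptionType set to 'clear' and $wgMinimalPasswordLength = 1; deleting the section drops that item with it. Move the WordPress and MediaWiki settings to a page this one links to rather than removing them, and carry the TODO along with a switch to a dedicated service account and 'tls' or 'ssl' in place of 'clear'. The block also spells two settings as $wgLDAPSearchSrings and $wgLDAPRetrivePrefs, which should be corrected wherever the configuration ends up documented.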