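Samba 4.8.2 has been released, so once again I am compiling and installing it from the source tarball to test it as a domain controller.
10.0.0.10 CentOS 7 1708 64-bit
10.0.0.11 Win 10 RSAT
First, change the hostname.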
[[email protected] ~]# vi /etc/hostname
dc01.contoso.com
[[email protected] ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.10 dc01.contoso.com dc01
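After saving you can reboot, then mount the installation disc and use it as the repository for installing some dependencies.
First, install the "development tools" group.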
[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected] yum.repos.d]# mkdir /media/cdrom
[[email protected] yum.repos.d]# mount /dev/cdrom /media/cdrom
[[email protected] yum.repos.d]# yum -y --enablerepo=c7-media groupinstall "development tools"
Next, install the packages Samba needs. Some of them are not strictly required; if ./configure fails, add whatever it reports as missing.
[[email protected] yum.repos.d]# yum -y --enablerepo=c7-media install perl gcc attr libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server libaio-devel setroubleshoot-plugins policycoreutils-python libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp perl-Test-Base popt-devel libxml2-devel libattr-devel keyutils-libs-devel cups-devel bind-utils libxslt docbook-style-xsl openldap-devel autoconf pam-devel python2-crypto libtomcrypt libtommath libidn-devel libpcap-devel cups libgnutls-dev gnutls-devel
Upload the downloaded Samba source tarball to the /tmp directory; you can also download it with wget.
[[email protected] yum.repos.d]# cd /tmp
[[email protected] tmp]# ls
samba-4.8.2.tar.gz
[[email protected] tmp]# tar -xvf samba-4.8.2.tar.gz
[[email protected] tmp]# cd samba-4.8.2/buildtools/scripts/
[[email protected] scripts]# ./autogen-waf.sh
[[email protected] scripts]# cd /tmp/samba-4.8.2
[[email protected] samba-4.8.2]# ./configure
[[email protected] samba-4.8.2]# make && make install
Comment out the includedir line in /etc/krb5.conf; otherwise promoting the server to a domain controller fails with an error.
[[email protected] samba-4.8.2]# vi /etc/krb5.conf
#includedir /etc/krb5.conf.d/
[[email protected] ~]# cd /usr/local/samba/bin
[[email protected] bin]# ./samba-tool domain provision --use-rfc2307 --interactive
Realm [CONTOSO.COM]:
Domain [CONTOSO]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.20]: none
Administrator password:Aa123456
Retype password:Aa123456
Looking up IPv4 addresses
More than one IPv4 address found. Using 10.0.0.10
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
Adding DomainDN: DC=contoso,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=contoso,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Setting up fake yp server settings
Once the above files are installed, your Samba AD server will be ready to use
Server Role: active directory domain controller
Hostname: DC01
NetBIOS Domain: CONTOSO
DNS Domain: contoso.com
DOMAIN SID: S-1-5-21-4094272009-52109158-380737006
Add the firewall rules.
[[email protected] bin]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
> firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
> firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
> firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
> firewall-cmd --add-port=1024-5000/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
success
success
success
success
success
success
success
success
success
success
success
success
success
success
success
[[email protected] bin]# firewall-cmd --reload
success
[[email protected] bin]#
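An added example, not part of the original post: a check of the ports opened above against what is actually listening, reporting listeners the firewall still blocks and how much of each opened range is in use. The `ss -tuln` sample is constructed and abridged; its 49152/tcp listener assumes the Samba 4.7+ default `rpc server dynamic port range` of 49152-65535, and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example. On the DC: OPENED=$(firewall-cmd --list-ports); ss -tuln | blocked_listeners
OPENED="53/tcp 53/udp 88/tcp 88/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp \
445/tcp 464/tcp 464/udp 636/tcp 1024-5000/tcp 3268-3269/tcp"
# Constructed, abridged `ss -tuln` sample (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      10.0.0.10:137    *:*
udp   UNCONN 0      0      10.0.0.10:138    *:*
tcp   LISTEN 0      128    *:445            *:*
tcp   LISTEN 0      128    *:3268           *:*
tcp   LISTEN 0      128    *:3269           *:*
tcp   LISTEN 0      128    *:49152          *:*
tcp   LISTEN 0      100    127.0.0.1:25     *:*'

# Print unique "port/proto" for sockets bound to non-loopback addresses.
listeners() {
  awk '$1 == "tcp" || $1 == "udp" {
    port = addr = $5; sub(/.*:/, "", port); sub(/:[^:]*$/, "", addr)
    if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]") print port "/" $1
  }' | sort -u
}

# covered PORT/PROTO SPEC...: true if a spec (single port or range) includes it.
covered() {
  local port=${1%/*} proto=${1#*/} spec r; shift
  for spec in "$@"; do
    r=${spec%/*}
    if [ "${spec#*/}" = "$proto" ] && [ "$port" -ge "${r%-*}" ] &&
       [ "$port" -le "${r#*-}" ]; then return 0; fi
  done
  return 1
}

# Listeners on stdin that no opened port covers: clients cannot reach them.
blocked_listeners() {
  listeners | while read -r l; do covered "$l" $OPENED || echo "$l"; done
}

# For each opened range print "spec width listeners-inside" (over-broad openings).
range_usage() {
  local ls spec r l n; ls=$(listeners)
  for spec in $OPENED; do
    r=${spec%/*}; n=0; case $r in *-*) ;; *) continue ;; esac  # ranges only
    for l in $ls; do if covered "$l" "$spec"; then n=$((n + 1)); fi; done
    echo "$spec $(( ${r#*-} - ${r%-*} + 1 )) $n"
  done
}

printf '%s\n' "$SAMPLE_SS" | blocked_listeners; printf '%s\n' "$SAMPLE_SS" | range_usage
```

On the sample, 49152/tcp is reported as blocked, while 1024-5000/tcp exposes 3977 ports for two listeners that the 3268-3269/tcp rule already covers.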
Add a service file for samba.
[[email protected] bin]# vi /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
ExecStart=/usr/local/samba/sbin/samba
[Install]
WantedBy=multi-user.target
Start samba.
[[email protected] bin]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[[email protected] bin]# systemctl start samba
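Then take a Windows 10 virtual machine, give it an IP address in the same subnet and point its DNS at 10.0.0.10, and it can join the domain. After the reboot, log in as contoso\administrator with the password set earlier, Aa123456; download and install RSAT and you can connect to and manage the domain.
Original article: http://blog.51cto.com/423877/2119157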