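Building an Active Directory domain controller by compiling Samba 4.2.1 on a minimal CentOS 7.1 install

Test environment

Second-generation Core i3, 8 GB RAM, 64-bit Windows 7 host with VirtualBox 4.3.26. A CentOS 7.1 virtual machine was created and the system installed from the Minimal ISO.

I. Minimal installation of CentOS 7.1 (process omitted).

II. Log in to CentOS 7.1 and install the dependencies. I prefer installing software from the downloaded CentOS DVD; it is faster than the network.

1. To SSH into the VM from Windows 7 with PuTTY or similar software, configure a static IP and enable SSH. I connect to the VM with SecureCRT; for networking I chose one adapter bridged to the host NIC with a dynamic IP, and one on a host-only network with the IP range set to 192.168.6.*.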

Last login: Thu Apr 16 04:20:06 2015 from 192.168.6.1

2. Mount the DVD
[[email protected] ~]# mount /dev/cdrom /mnt
mount: /dev/sr0 is write-protected, mounting read-only

3. Go to /etc/yum.repos.d/ and rename all the repo files in bulk as a backup

[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected] yum.repos.d]# find . -type f |xargs -i mv {} {}.bkp
[[email protected] yum.repos.d]# ls
CentOS-Base.repo.bkp  CentOS-Debuginfo.repo.bkp  CentOS-Sources.repo.bkp
CentOS-CR.repo.bkp    CentOS-fasttrack.repo.bkp  CentOS-Vault.repo.bkp

4. Create a new DVD install source with an editor.
[[email protected] yum.repos.d]# vi CentOS-Media.repo
[c7-media]
name=CentOS-$releasever- Media
baseurl=file:///mnt
gpgcheck=0
enabled=1
                                                                                                 
"CentOS-Media.repo" 5L, 83C written
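
The repo file above sets gpgcheck=0, so yum installs the DVD packages without verifying their signatures. The following added example (not part of the original post) audits a yum.repos.d directory for that setting; the function names and both sample files are constructed for illustration, and the gpgkey path is the CentOS 7 key file under /etc/pki/rpm-gpg.

```shell
# Added example: report enabled yum repos that skip package signature checks.
# Output: one "<file>:<section>:<finding>" line per problem, nothing if clean.
audit_repos() {   # $1 = directory of *.repo files, normally /etc/yum.repos.d
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function report() {
                if (sec == "" || opt["enabled"] == "0") return
                if (opt["gpgcheck"] == "0") print file ":" sec ":gpgcheck-off"
                else if (opt["gpgkey"] == "") print file ":" sec ":no-gpgkey"
            }
            /^[ \t]*[#;]/ { next }                  # comment line
            /^[ \t]*\[/ {                           # start of a [section]
                report()
                sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
                split("", opt)                      # forget the previous section
                next
            }
            {                                       # key=value option
                line = $0; gsub(/[ \t]/, "", line); n = index(line, "=")
                if (n > 0) opt[substr(line, 1, n - 1)] = substr(line, n + 1)
            }
            END { report() }
        ' "$f"
    done
}

# Constructed sample: the repo file from the page and a signature-checking variant.
make_sample_repos() {   # $1 = empty directory to populate
    cat > "$1/CentOS-Media.repo" <<'EOF'
[c7-media]
name=CentOS-$releasever- Media
baseurl=file:///mnt
gpgcheck=0
enabled=1
EOF
    cat > "$1/CentOS-Media-signed.repo" <<'EOF'
[c7-media-signed]
name=CentOS-$releasever - Media (signatures verified)
baseurl=file:///mnt
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF
}

d=$(mktemp -d) && make_sample_repos "$d" && audit_repos "$d"; rm -rf "$d"
```

On the real system, `rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7` together with gpgcheck=1 in CentOS-Media.repo makes yum and rpm verify the DVD packages.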

5. Install "development tools" from the DVD

[[email protected] yum.repos.d]# yum groupinstall "development tools"

Installation output omitted

6. Install some dependencies

[[email protected] samba-4.2.1]# yum -y install libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gdb bind rsyslog-gssapi cyrus-sasl-gssapi

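A few more RPM packages I installed with the rpm command later, after the build reported errors; they can also be installed in one go with the yum command above.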

[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/python-devel-2.7.5-16.el7.x86_64.rpm
warning: /mnt/Packages/python-devel-2.7.5-16.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
        package python-devel-2.7.5-16.el7.x86_64 is already installed
[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/cyrus-sasl-2.1.26-17.el7.x86_64.rpm
warning: /mnt/Packages/cyrus-sasl-2.1.26-17.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:cyrus-sasl-2.1.26-17.el7         ################################# [100%]
[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/cyrus-sasl-devel-2.1.26-17.el7.x86_64.rpm
warning: /mnt/Packages/cyrus-sasl-devel-2.1.26-17.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:cyrus-sasl-devel-2.1.26-17.el7   ################################# [100%]
[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/openldap-devel-2.4.39-6.el7.x86_64.rpm          
warning: /mnt/Packages/openldap-devel-2.4.39-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-devel-2.4.39-6.el7      ################################# [100%]

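III. Download and compile Samba

7. Download the Samba 4.2.1 source tarball and upload it to /tmp with SecureFX; wget was really too slow.

8. Now go to /tmp and unpack the tarball in preparation for building Samba 4.2.1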

[[email protected] ~]# cd /tmp
[[email protected] tmp]# ls
ks-script-BL7c5a  samba-latest.tar.gz  yum.log
[[email protected] tmp]# tar -xvf samba-latest.tar.gz
[[email protected] tmp]# ls
ks-script-BL7c5a  samba-4.2.1  samba-latest.tar.gz  yum.log
[[email protected] tmp]# cd samba-4.2.1/

Before building, run autogen-waf.sh in the buildtools/scripts/ directory

[[email protected] samba-4.2.1]# cd buildtools/scripts/
[[email protected] scripts]# ./autogen-waf.sh

Setting up for waf build
Looking for the buildtools directory
Found buildtools in ./../../buildtools
Setting up configure
Setting up Makefile
done. Now run ./configure or ./configure.developer then make.

Go back to the unpacked directory and start building Samba

[[email protected] scripts]# cd /tmp/samba-4.2.1/
[[email protected] samba-4.2.1]# ./configure

Build output omitted......
'configure' finished successfully (1m8.178s)

That completes the configure step.

9. Run make and install

[[email protected] samba-4.2.1]# make && make install

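Installation output omitted......
Waf: Leaving directory `/tmp/samba-4.2.1/bin'
'install' finished successfully (3m22.415s)

Samba 4.2.1 is now compiled and installed from source.

10. Change the hostname to DC1 and write out the full FQDN; the benefit is that the domain name does not have to be typed in when promoting the host to a domain controller in a moment.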

[[email protected] samba-4.2.1]#vi /etc/hostname
DC1.contoso.com

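IV. Promote to domain controller

11. You can shut the VM down and take a snapshot, then boot, log in, and start promoting this Linux host to a domain controller.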

[[email protected] ~]# cd /usr/local/samba/bin

[[email protected] bin]# ./samba-tool domain provision

Realm [CONTOSO.COM]:

Domain [CONTOSO]:

Server Role (dc, member, standalone) [dc]:

DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_FLATFILE  # BIND9 is chosen as the DNS backend here; Samba's built-in DNS can be used instead.

Administrator password: enter the domain administrator password; it must be complex (upper- and lower-case letters plus digits), e.g. Ab123456&
Retype password: enter Ab123456& again

Looking up IPv4 addresses
More than one IPv4 address found. Using 192.168.6.3

Looking up IPv6 address

No IPv6 address will be assigned

Setting up secrets.ldb

Setting up the registry

Setting up the privileges database

Setting up idmap db

Setting up sam.ldb partitions and settings

Setting up sam.ldb rootDSE

Pre-loading the Samba 4 and AD schema

Adding DomainDN: DC=contoso,DC=com

Adding configuration container

Setting up sam.ldb schema

Setting up sam.ldb configuration data

Setting up display specifiers

Modifying display specifiers

Adding users container

Modifying users container

Adding computers container

Modifying computers container

Setting up sam.ldb data

Setting up well known security principals

Setting up sam.ldb users and groups

Setting up self join

Adding DNS accounts

Creating CN=MicrosoftDNS,CN=System,DC=contoso,DC=com

rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

See /usr/local/samba/private/named.conf for an example configuration include file for BIND

and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates

Setting up sam.ldb rootDSE marking as synchronized

Fixing provision GUIDs

A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf

Once the above files are installed, your Samba4 server will be ready to use

Server Role:           active directory domain controller

Hostname:              DC1

NetBIOS Domain:        CONTOSO

DNS Domain:            contoso.com

DOMAIN SID:            S-1-5-21-3366851103-1622988557-2824442447

[[email protected] bin]#

You must see the DOMAIN SID for the provisioning to count as successful.

Start Samba
[[email protected] bin]# /usr/local/samba/sbin/samba

Check the version

[[email protected] bin]# /usr/local/samba/bin/smbclient --version

Version 4.2.1

Test

[[email protected] bin]# /usr/local/samba/bin/smbclient -L localhost -U%

Domain=[CONTOSO]

OS=[Unix]

Server=[Samba 4.2.1]

Sharename       Type      Comment

---------       ----      -------

netlogon        Disk

sysvol          Disk

IPC$            IPC      IPC Service (Samba 4.2.1)

Domain=[CONTOSO] OS=[Unix] Server=[Samba 4.2.1]

Server               Comment

---------            -------

Workgroup            Master

---------            -------

[[email protected] bin]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator

Enter administrator's password:

Domain=[CONTOSO] OS=[Unix] Server=[Samba 4.2.1]

smb: \> q

[[email protected] bin]#

Check BIND

[[email protected] bin]# rpm -qa|grep bind

bind-libs-lite-9.9.4-18.el7.x86_64

bind-license-9.9.4-18.el7.noarch

bind-libs-9.9.4-18.el7.x86_64

bind-9.9.4-18.el7.x86_64

In /etc/named.conf you can see that the BIND 9 directory is /var/named; change into it:
[[email protected] etc]# cd /var/named

Copy named.localhost to contoso.com.zone, then edit it to serve as the forward lookup zone file for contoso.com.

[[email protected] named]# cp named.localhost contoso.com.zone

[[email protected] named]# vim contoso.com.zone

$TTL [email protected]       IN SOA  @ contoso.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   DC1.contoso.com.
@       IN A    192.168.6.3
DC1     IN A    192.168.6.3

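The above is the file after editing. On a VM with two NICs the IP may be the other adapter's and must be changed.

Then copy over the latter part of the DNS file generated by Samba. Do not copy the gc._msdcs entry, though: in my test it caused an error, and BIND started once I deleted it.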

[[email protected] ~]# cd /usr/local/samba/private/dns

[[email protected] dns]# ls

contoso.com.zone

[[email protected] dns]# vim contoso.com.zone

Copy the part below

79aef472-c658-49c0-a2b4-3988bc00338a._msdcs     IN CNAME        DC1
;
; global catalog servers
_gc._tcp                IN SRV 0 100 3268       DC1
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268       DC1
_ldap._tcp.gc._msdcs    IN SRV 0 100 3268       DC1
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs     IN SRV 0 100 3268 DC1
;
; ldap servers
_ldap._tcp              IN SRV 0 100 389        DC1
_ldap._tcp.dc._msdcs    IN SRV 0 100 389        DC1
_ldap._tcp.pdc._msdcs   IN SRV 0 100 389        DC1
_ldap._tcp.8b2afba7-4d3a-4b88-8b45-381cf145c623.domains._msdcs          IN SRV 0 100 389 DC1
_ldap._tcp.Default-First-Site-Name._sites               IN SRV 0 100 389 DC1
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs     IN SRV 0 100 389 DC1
;
; krb5 servers
_kerberos._tcp          IN SRV 0 100 88         DC1
_kerberos._tcp.dc._msdcs        IN SRV 0 100 88 DC1
_kerberos._tcp.Default-First-Site-Name._sites   IN SRV 0 100 88 DC1
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 DC1
_kerberos._udp          IN SRV 0 100 88         DC1
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp           IN SRV 0 100 88         DC1
_kerberos-master._udp           IN SRV 0 100 88         DC1
;
; kpasswd
_kpasswd._tcp           IN SRV 0 100 464        DC1
_kpasswd._udp           IN SRV 0 100 464        DC1
;
; heimdal 'find realm for host' hack
_kerberos               IN TXT  CONTOSO.COM

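Then paste it after the edited content of /var/named/contoso.com.zone. In practice, you can clone the session in SecureCRT, change to the directory, open the file, drag-select the text to copy, then switch back to the original session and right-click to paste; then press ESC and type :wq to save and quit.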
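
Pasting zone records through a terminal can merge a comment line with the record below it, in which case the record is silently dropped, or run two records together. This added example (not part of the original post) checks a zone file for the SRV records shown above; the list of required names and the sample lines are this example's own assumptions.

```shell
# Added example: sanity-check the SRV records of a hand-assembled AD zone file.
# The list of required owner names is a selection made for this example from
# the records shown on the page, not an official Samba list.
check_ad_zone() {   # $1 = zone file; prints one finding per line
    awk '
        BEGIN {
            req = "_ldap._tcp _ldap._tcp.dc._msdcs _gc._tcp _kerberos._tcp"
            req = req " _kerberos._udp _kpasswd._tcp _kpasswd._udp"
            n = split(req, need, " ")
        }
        # A record glued onto a comment line is dead: BIND never loads it.
        /^[ \t]*;/ {
            if ($0 ~ /[ \t]IN[ \t]+SRV[ \t]/) print "swallowed-by-comment: line " NR
            next
        }
        $2 == "IN" && $3 == "SRV" {
            seen[$1] = 1
            # owner IN SRV priority weight port target = exactly 7 fields
            if (NF != 7) print "malformed-srv: line " NR
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(need[i] in seen)) print "missing: " need[i]
        }
    ' "$1"
}

# Constructed sample: records from the page, with two lines merged the way a
# terminal copy-paste can merge them.
make_sample_zone() {   # $1 = output file
    cat > "$1" <<'EOF'
_gc._tcp                IN SRV 0 100 3268       DC1
; ldap servers_ldap._tcp              IN SRV 0 100 389        DC1
_ldap._tcp.dc._msdcs    IN SRV 0 100 389        DC1
_kerberos._tcp          IN SRV 0 100 88         DC1
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 DC1_kerberos._udp IN SRV 0 100 88 DC1
_kpasswd._tcp           IN SRV 0 100 464        DC1
_kpasswd._udp           IN SRV 0 100 464        DC1
EOF
}

z=$(mktemp) && make_sample_zone "$z" && check_ad_zone "$z"; rm -f "$z"
```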

Open /etc/named.rfc1912.zones and append the following to add the forward lookup zone

[[email protected] etc]# vim /etc/named.rfc1912.zones

zone "contoso.com" IN {
        type master;
        file "contoso.com.zone";
        allow-update { none; };
};

Start the BIND service. If it reports an error, check the configuration in /etc/named.rfc1912.zones and contoso.com.zone

[[email protected] dns]# systemctl start named.service

[[email protected] dns]# systemctl status named.service

Testing resolution requires the host command, which is not installed by default.

[[email protected] named]# host -t SRV _ldap._tcp.contoso.com.

-bash: host: 未找到命令

Mount the DVD again and install it.

[[email protected] named]# mount /dev/cdrom /mnt

mount: /dev/sr0 写保护,将以只读方式挂载

[[email protected] named]# yum -y install bind-utils

Then test

[[email protected] ~]# host -t SRV _ldap._tcp.contoso.com

_ldap._tcp.contoso.com has SRV record 0 100 389 DC1.contoso.com.

[[email protected] ~]# host -t SRV _kerberos._udp.contoso.com

_kerberos._udp.contoso.com has SRV record 0 100 88 DC1.contoso.com.

[[email protected] ~]# host -t A dc1.contoso.com.

dc1.contoso.com has address 192.168.6.3

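Then start a Windows 7 VM, configure an IP in the same subnet such as 192.168.6.5, and set DNS to 192.168.6.3. First use ping to test that the domain name can be reached; if it cannot, try clearing the iptables firewall rules: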

[[email protected] ~]# iptables -F
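
iptables -F removes every rule in the filter table, so the domain controller is left unfiltered; an allow-list for the DC's services keeps the host protected. This added example (not part of the original post) derives firewall-cmd commands from the SRV records in the zone file and only prints them. It assumes firewalld is the active firewall; the function names, the sample zone and the extra ports on the last line (DNS and SMB) are assumptions, and other DC ports such as the RPC endpoint mapper must be added from the Samba documentation for the installed release.

```shell
# Added example: build a firewalld allow-list from the SRV records the DC
# publishes, as an alternative to flushing every rule. Prints the commands.
dc_firewall_cmds() {   # $1 = zone file, remaining args = extra port/proto pairs
    zone=$1; shift
    {
        for extra in "$@"; do echo "$extra" | tr '/' ' '; done
        # SRV fields: owner IN SRV priority weight port target
        awk '$1 !~ /^;/ && $2 == "IN" && $3 == "SRV" && NF == 7 {
            print $6, ($1 ~ /\._udp(\.|$)/ ? "udp" : "tcp")
        }' "$zone"
    } | sort -u | sort -k1,1n -k2,2 | while read -r port proto; do
        echo "firewall-cmd --permanent --add-port=$port/$proto"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample: a subset of the SRV records shown on the page.
make_sample_dc_zone() {   # $1 = output file
    cat > "$1" <<'EOF'
_gc._tcp                IN SRV 0 100 3268       DC1
_ldap._tcp              IN SRV 0 100 389        DC1
_kerberos._tcp          IN SRV 0 100 88         DC1
_kerberos._udp          IN SRV 0 100 88         DC1
_kpasswd._tcp           IN SRV 0 100 464        DC1
_kpasswd._udp           IN SRV 0 100 464        DC1
EOF
}

z=$(mktemp) && make_sample_dc_zone "$z" && dc_firewall_cmds "$z" 53/tcp 53/udp 445/tcp; rm -f "$z"
```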

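All server-side configuration is now complete. On Windows 7 you can download the Windows Remote Server Administration Tools package.
After installing it and adding the components, the domain controller management tools appear under Control Panel > Administrative Tools, and the domain can be managed remotely.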

Time: 2024-10-20 20:59:29
