Provisioning di samba su Cabrini —
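Il passo successivo è la configurazione come AD DC: prima si cancella il file /etc/samba/smb.conf, che verrà ricreato in automatico dal provisioning. Attenzione: la password passata con --adminpass= sulla riga di comando resta nella history della shell ed è visibile nella lista dei processi; in alternativa si può usare --interactive e digitarla al prompt.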
root@cabrini:/etc/samba# samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=ZINCOMETAL.LAN --domain=ZINCOMETAL --adminpass=
root@cabrini:/etc/samba#
root@cabrini:/etc#
root@cabrini:/etc# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
Un reboot per sicurezza e quindi
root@cabrini:~# kinit administrator
Password for administrator@MYFIRM.LAN:
Warning: Your password will expire in 41 days on ven 9 giu 2023, 12:56:43
root@cabrini:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@MYFIRM.LAN
Valid starting Expires Service principal
28/04/2023 12:59:29 28/04/2023 22:59:29 krbtgt/MYFIRM.LAN@MYFIRM.LAN
renew until 29/04/2023 10:58:45
Verifichiamo il DNS
root@cabrini:/etc/samba# dig @localhost google.it
; <<>> DiG 9.16.37-Debian <<>> @localhost google.it
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37401
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
;; QUESTION SECTION:
;google.it. IN A
;; ANSWER SECTION:
google.it. 300 IN A 142.250.184.99
;; AUTHORITY SECTION:
google.it. 7515 IN NS ns1.google.com.
google.it. 7515 IN NS ns2.google.com.
google.it. 7515 IN NS ns3.google.com.
google.it. 7515 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 148747 IN A 216.239.32.10
ns1.google.com. 162513 IN AAAA 2001:4860:4802:32::a
ns2.google.com. 148747 IN A 216.239.34.10
ns2.google.com. 162513 IN AAAA 2001:4860:4802:34::a
ns3.google.com. 148747 IN A 216.239.36.10
ns3.google.com. 162513 IN AAAA 2001:4860:4802:36::a
ns4.google.com. 148747 IN A 216.239.38.10
ns4.google.com. 162513 IN AAAA 2001:4860:4802:38::a
;; Query time: 24 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Apr 28 13:14:40 CEST 2023
;; MSG SIZE rcvd: 301
root@cabrini:/etc/samba# dig @localhost cabrini.myfirm.lan
; <<>> DiG 9.16.37-Debian <<>> @localhost cabrini.myfirm.lan
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21460
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;cabrini.myfirm.lan. IN A
;; ANSWER SECTION:
cabrini.myfirm.lan. 900 IN A 192.168.3.229
;; AUTHORITY SECTION:
myfirm.lan. 3600 IN SOA cabrini.myfirm.lan. hostmaster.myfirm.lan. 1 900 600 86400 3600
;; Query time: 4 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Apr 28 13:15:21 CEST 2023
;; MSG SIZE rcvd: 103
root@cabrini:/etc/samba# dig -t SRV @localhost _ldap._tcp.myfirm.lan
; <<>> DiG 9.16.37-Debian <<>> -t SRV @localhost _ldap._tcp.myfirm.lan
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60704
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_ldap._tcp.myfirm.lan. IN SRV
;; ANSWER SECTION:
_ldap._tcp.myfirm.lan. 900 IN SRV 0 100 389 cabrini.myfirm.lan.
;; AUTHORITY SECTION:
myfirm.lan. 3600 IN SOA cabrini.myfirm.lan. hostmaster.myfirm.lan. 1 900 600 86400 3600
;; Query time: 8 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Apr 28 13:16:58 CEST 2023
;; MSG SIZE rcvd: 118
A questo punto creo anche le zone inverse con
samba-tool dns zonecreate cabrini.myfirm.lan 3.168.192.in-addr.arpa -U administrator
samba-tool dns zonecreate cabrini.myfirm.lan 2.168.192.in-addr.arpa -U administrator
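e creo i record PTR (il campo subito dopo il nome della zona è l'ultimo ottetto dell'indirizzo dell'host e va adattato: qui è 1, mentre per il 192.168.3.229 restituito sopra da dig sarebbe 229) con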
samba-tool dns add cabrini.myfirm.lan 3.168.192.in-addr.arpa 1 PTR cabrini.myfirm.lan -U administrator
samba-tool dns add cabrini.myfirm.lan 2.168.192.in-addr.arpa 1 PTR cabrini.myfirm.lan -U administrator
Importante per non restare in mezzo al guado alla fine dell’installazione ricordarsi di dare:
samba-tool user setexpiry administrator --noexpiry
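In caso contrario, dopo 40 o 90 giorni (non ho ben capito; il warning di kinit riportato sopra indica 41 giorni, e il valore effettivo si può leggere con samba-tool domain passwordsettings show) si deve cambiare la password di administrator, e direi che non mi pare il caso. Se la password non scade, conviene però sceglierla lunga e casuale.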
Ci siamo, il prossimo passo è creare una VM Microsoft per testare il join al dominio e per installarci RSAT che servirà ad amministrare l’Active directory