Clark's Home page

Assorted technicalities of a Linux sysadmin, plus a little of his life

Provisioning Samba on Cabrini

The next step is configuring Samba as an AD DC. Delete /etc/samba/smb.conf: provisioning writes a fresh one. The realm is MYFIRM.LAN and the NetBIOS domain name MYFIRM, the names that appear in all the output below. The password value has been left out of the command as posted; note that passing it with --adminpass puts it in the shell history, so the cleaner option is to omit the flag and let samba-tool prompt for it.
root@cabrini:/etc/samba# samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=MYFIRM.LAN --domain=MYFIRM --adminpass=

[screenshot: cabrini-provision]

root@cabrini:/etc# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
A reboot to be safe (on Debian the samba-ad-dc unit ships masked and the standalone smbd, nmbd and winbind units must be disabled first, otherwise the DC does not come up after the reboot), and then:
root@cabrini:~# kinit administrator
Password for administrator@MYFIRM.LAN:
Warning: Your password will expire in 41 days on Fri 9 Jun 2023, 12:56:43
root@cabrini:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@MYFIRM.LAN

Valid starting       Expires              Service principal
28/04/2023 12:59:29  28/04/2023 22:59:29  krbtgt/MYFIRM.LAN@MYFIRM.LAN
renew until 29/04/2023 10:58:45

Let's check DNS: first an external name, which the internal DNS server resolves through its forwarder, then the DC's own A record and the _ldap._tcp SRV record. The aa flag on the last two answers confirms the DC is authoritative for myfirm.lan.

root@cabrini:/etc/samba# dig @localhost google.it

; <<>> DiG 9.16.37-Debian <<>> @localhost google.it
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37401
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8

;; QUESTION SECTION:
;google.it.                     IN      A

;; ANSWER SECTION:
google.it.              300     IN      A       142.250.184.99

;; AUTHORITY SECTION:
google.it.              7515    IN      NS      ns1.google.com.
google.it.              7515    IN      NS      ns2.google.com.
google.it.              7515    IN      NS      ns3.google.com.
google.it.              7515    IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         148747  IN      A       216.239.32.10
ns1.google.com.         162513  IN      AAAA    2001:4860:4802:32::a
ns2.google.com.         148747  IN      A       216.239.34.10
ns2.google.com.         162513  IN      AAAA    2001:4860:4802:34::a
ns3.google.com.         148747  IN      A       216.239.36.10
ns3.google.com.         162513  IN      AAAA    2001:4860:4802:36::a
ns4.google.com.         148747  IN      A       216.239.38.10
ns4.google.com.         162513  IN      AAAA    2001:4860:4802:38::a

;; Query time: 24 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Apr 28 13:14:40 CEST 2023
;; MSG SIZE  rcvd: 301
root@cabrini:/etc/samba# dig @localhost cabrini.myfirm.lan

; <<>> DiG 9.16.37-Debian <<>> @localhost cabrini.myfirm.lan
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21460
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cabrini.myfirm.lan.                IN      A

;; ANSWER SECTION:
cabrini.myfirm.lan. 900     IN      A       192.168.3.229

;; AUTHORITY SECTION:
myfirm.lan.         3600    IN      SOA     cabrini.myfirm.lan. hostmaster.myfirm.lan. 1 900 600 86400 3600

;; Query time: 4 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Apr 28 13:15:21 CEST 2023
;; MSG SIZE  rcvd: 103

root@cabrini:/etc/samba# dig -t SRV @localhost _ldap._tcp.myfirm.lan

; <<>> DiG 9.16.37-Debian <<>> -t SRV @localhost _ldap._tcp.myfirm.lan
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60704
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_ldap._tcp.myfirm.lan.     IN      SRV

;; ANSWER SECTION:
_ldap._tcp.myfirm.lan. 900  IN      SRV     0 100 389 cabrini.myfirm.lan.

;; AUTHORITY SECTION:
myfirm.lan.         3600    IN      SOA     cabrini.myfirm.lan. hostmaster.myfirm.lan. 1 900 600 86400 3600

;; Query time: 8 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Apr 28 13:16:58 CEST 2023
;; MSG SIZE  rcvd: 118

At this point I also create the reverse zones (provisioning only creates the forward zone) with

samba-tool dns zonecreate cabrini.myfirm.lan 3.168.192.in-addr.arpa -U administrator
samba-tool dns zonecreate cabrini.myfirm.lan 2.168.192.in-addr.arpa -U administrator

and the PTR records with

samba-tool dns add cabrini.myfirm.lan 3.168.192.in-addr.arpa 229 PTR cabrini.myfirm.lan -U administrator
samba-tool dns add cabrini.myfirm.lan 2.168.192.in-addr.arpa 1 PTR cabrini.myfirm.lan -U administrator

The record name inside an in-addr.arpa zone is the last octet of the host's address: cabrini is 192.168.3.229 (see the A record above), so the name is 229; a record named 1 would map 192.168.3.1 to the DC instead. The second record only makes sense if the DC also has an address in 192.168.2.0/24, and its name must be that address's last octet. Check the result with dig -x 192.168.3.229 @localhost, which must answer cabrini.myfirm.lan.
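As an added example (not part of the original post), a small POSIX shell script for the two things this procedure relies on: it derives the in-addr.arpa zone and the PTR record name from the DC's address, so the record cannot land under the wrong name, and it checks that the SRV records an AD DC must publish point at the DC. The post queries only _ldap._tcp; the script covers the full set Samba registers at provisioning, plus the DC's A and PTR records. The host name, address and realm (cabrini.myfirm.lan, 192.168.3.229, myfirm.lan) are taken from the dig output above and are assumptions; every function name is the example's own, and the sample dig answer in the offline check is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumed values below come
# from the dig output in the post; override them via the environment.
set -eu

DC_FQDN=${DC_FQDN:-cabrini.myfirm.lan}
DC_IP=${DC_IP:-192.168.3.229}
REALM=${REALM:-myfirm.lan}

# in-addr.arpa zone for the /24 holding IP: 192.168.3.229 -> 3.168.192.in-addr.arpa
reverse_zone() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# PTR record name inside that zone: the host's last octet (229, not 1)
ptr_name() {
    echo "$1" | awk -F. '{ print $4 }'
}

# Print the samba-tool commands that create the reverse zone and the PTR for
# FQDN/IP on the DC SERVER, plus the dig check; nothing is executed here.
plan_ptr() {
    server=$1; fqdn=$2; ip=$3
    zone=$(reverse_zone "$ip")
    printf 'samba-tool dns zonecreate %s %s -U administrator\n' "$server" "$zone"
    printf 'samba-tool dns add %s %s %s PTR %s -U administrator\n' \
        "$server" "$zone" "$(ptr_name "$ip")" "$fqdn"
    printf 'dig +short -x %s @%s\n' "$ip" "$server"
}

# SRV records every AD DC publishes so that clients can locate it
srv_records() {
    realm=$1
    for r in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._tcp _kpasswd._udp \
             _ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs; do
        echo "$r.$realm"
    done
}

# Parse 'dig +short SRV' output ("prio weight port target.", one per line).
# $1 = expected target FQDN, $2 = the dig output. Returns 0 when at least one
# record names the DC, 1 otherwise (including an empty answer).
srv_points_to() {
    expected=$1; answer=$2
    echo "$answer" | awk -v want="$expected." '
        NF == 4 && $4 == want { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Live check against the DC: needs dig and network access to $DC_IP.
live_check() {
    rc=0
    for name in $(srv_records "$REALM"); do
        ans=$(dig +short SRV "$name" "@$DC_IP" 2>/dev/null || true)
        if srv_points_to "$DC_FQDN" "$ans"; then
            echo "ok   $name"
        else
            echo "FAIL $name -> '${ans:-no answer}'"; rc=1
        fi
    done
    a=$(dig +short A "$DC_FQDN" "@$DC_IP" 2>/dev/null || true)
    [ "$a" = "$DC_IP" ] && echo "ok   $DC_FQDN A $a" || { echo "FAIL A record: '$a'"; rc=1; }
    ptr=$(dig +short -x "$DC_IP" "@$DC_IP" 2>/dev/null || true)
    [ "$ptr" = "$DC_FQDN." ] && echo "ok   PTR $ptr" || { echo "FAIL PTR: '${ptr:-none}'"; rc=1; }
    return $rc
}

# Offline self-check on a constructed dig answer (what the post's query returned).
offline_demo() {
    sample='0 100 389 cabrini.myfirm.lan.'
    srv_points_to "$DC_FQDN" "$sample" && echo "sample SRV answer points at $DC_FQDN"
    plan_ptr "$DC_FQDN" "$DC_FQDN" "$DC_IP"
}

case "${1:-}" in
    --live) live_check ;;
    --plan) plan_ptr "$DC_FQDN" "$DC_FQDN" "$DC_IP" ;;
    --demo) offline_demo ;;
esac
```

`sh check-dc-dns.sh --plan` prints the zonecreate/add/dig commands for the configured host; `--live` runs the queries against the DC and exits non-zero if any record is missing or points elsewhere, which makes it usable from cron or a monitoring check after every DNS change.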
Important, so as not to be left stranded after the installation: remember to run
samba-tool user setexpiry administrator --noexpiry
(two dashes). Otherwise the administrator password has to be changed when it expires: the domain default maximum password age is 42 days, which is what the kinit warning above is counting down, and I'd rather not have that here. Disabling expiry on the built-in administrator does weaken the password policy, so keep that account for administration only; the policy-level alternative is samba-tool domain passwordsettings set --max-pwd-age=<days> (0 disables expiry domain-wide), and samba-tool domain passwordsettings show lists the current values.
That's it; the next step is to create a Windows VM to test the domain join and to install RSAT, which will be used to administer Active Directory.

 


Categorised as: Linux | Samba | Operating systems | Work