cabrini-provision<\/a><\/p>\nroot@cabrini:\/etc\/samba#
\nroot@cabrini:\/etc#
\nroot@cabrini:\/etc# cp \/var\/lib\/samba\/private\/krb5.conf \/etc\/krb5.conf
\nUn reboot per sicurezza e quindi
\nroot@cabrini:~# kinit administrator
\nPassword for administrator@MYFIRM.LAN:
\nWarning: Your password will expire in 41 days on ven 9 giu 2023, 12:56:43
\nroot@cabrini:~# klist
\nTicket cache: FILE:\/tmp\/krb5cc_0
\nDefault principal: administrator@MYFIRM.LAN<\/p>\n
Valid starting \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Expires \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Service principal
\n28\/04\/2023 12:59:29 \u00a028\/04\/2023 22:59:29 \u00a0krbtgt\/MYFIRM.LAN@MYFIRM.LAN
\nrenew until 29\/04\/2023 10:58:45<\/p>\n
Verifichiamo il DNS<\/p>\n
root@cabrini:\/etc\/samba# dig @localhost google.it<\/p>\n
; <<>> DiG 9.16.37-Debian <<>> @localhost google.it
\n; (2 servers found)
\n;; global options: +cmd
\n;; Got answer:
\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37401
\n;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8<\/p>\n
;; QUESTION SECTION:
\n;google.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A<\/p>\n
;; ANSWER SECTION:
\ngoogle.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0300 \u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0142.250.184.99<\/p>\n
;; AUTHORITY SECTION:
\ngoogle.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a07515 \u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0NS \u00a0\u00a0\u00a0\u00a0\u00a0ns1.google.com.
\ngoogle.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a07515 \u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0NS \u00a0\u00a0\u00a0\u00a0\u00a0ns2.google.com.
\ngoogle.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a07515 \u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0NS \u00a0\u00a0\u00a0\u00a0\u00a0ns3.google.com.
\ngoogle.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a07515 \u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0NS \u00a0\u00a0\u00a0\u00a0\u00a0ns4.google.com.<\/p>\n
;; ADDITIONAL SECTION:
\nns1.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0148747 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0216.239.32.10
\nns1.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0162513 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0AAAA \u00a0\u00a0\u00a02001:4860:4802:32::a
\nns2.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0148747 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0216.239.34.10
\nns2.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0162513 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0AAAA \u00a0\u00a0\u00a02001:4860:4802:34::a
\nns3.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0148747 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0216.239.36.10
\nns3.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0162513 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0AAAA \u00a0\u00a0\u00a02001:4860:4802:36::a
\nns4.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0148747 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0216.239.38.10
\nns4.google.com. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0162513 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0AAAA \u00a0\u00a0\u00a02001:4860:4802:38::a<\/p>\n
;; Query time: 24 msec
\n;; SERVER: ::1#53(::1)
\n;; WHEN: Fri Apr 28 13:14:40 CEST 2023
\n;; MSG SIZE \u00a0rcvd: 301
\nroot@cabrini:\/etc\/samba# dig @localhost cabrini.myfirm.lan<\/p>\n
; <<>> DiG 9.16.37-Debian <<>> @localhost cabrini.myfirm.lan
\n; (2 servers found)
\n;; global options: +cmd
\n;; Got answer:
\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21460
\n;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0<\/p>\n
;; QUESTION SECTION:
\n;cabrini.myfirm.lan. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A<\/p>\n
;; ANSWER SECTION:
\ncabrini.myfirm.lan. 900 \u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0192.168.3.229<\/p>\n
;; AUTHORITY SECTION:
\nmyfirm.lan. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a03600 \u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0SOA \u00a0\u00a0\u00a0\u00a0cabrini.myfirm.lan. hostmaster.myfirm.lan. 1 900 600 86400 3600<\/p>\n
;; Query time: 4 msec
\n;; SERVER: ::1#53(::1)
\n;; WHEN: Fri Apr 28 13:15:21 CEST 2023
\n;; MSG SIZE \u00a0rcvd: 103<\/p>\n
root@cabrini:\/etc\/samba# dig -t SRV @localhost _ldap._tcp.myfirm.lan<\/p>\n
; <<>> DiG 9.16.37-Debian <<>> -t SRV @localhost _ldap._tcp.myfirm.lan
\n; (2 servers found)
\n;; global options: +cmd
\n;; Got answer:
\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60704
\n;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0<\/p>\n
;; QUESTION SECTION:
\n;_ldap._tcp.myfirm.lan. \u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0SRV<\/p>\n
;; ANSWER SECTION:
\n_ldap._tcp.myfirm.lan. 900 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0SRV \u00a0\u00a0\u00a0\u00a00 100 389 cabrini.myfirm.lan.<\/p>\n
;; AUTHORITY SECTION:
\nmyfirm.lan. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a03600 \u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0SOA \u00a0\u00a0\u00a0\u00a0cabrini.myfirm.lan. hostmaster.myfirm.lan. 1 900 600 86400 3600<\/p>\n
;; Query time: 8 msec
\n;; SERVER: ::1#53(::1)
\n;; WHEN: Fri Apr 28 13:16:58 CEST 2023
\n;; MSG SIZE \u00a0rcvd: 118<\/p>\n
A questo punto creo anche le zone inverse con
\nsamba-tool dns zonecreate cabrini.myfirm.lan 3.168.192.in-addr.arpa -U administrator
\nsamba-tool dns zonecreate cabrini.myfirm.lan 2.168.192.in-addr.arpa -U administrator<\/p>\n
e creo i record PTR con<\/p>\n
samba-tool dns add cabrini.myfirm.lan 3.168.192.in-addr.arpa 1 PTR cabrini.myfirm.lan -U administrator
\nsamba-tool dns add cabrini.myfirm.lan 2.168.192.in-addr.arpa 1 PTR cabrini.myfirm.lan -U administrator
\nImportante per non restare in mezzo al guado alla fine dell’installazione ricordarsi di dare:
\nsamba-tool user setexpiry administrator –(sono 2 meno)noexpiry
\nIn caso contrario dopo 40 o 90 giorni non ho ben capito si deve cambiare la password di administrator e direi che non mi pare il caso.
\nCi siamo, il prossimo passo \u00e8 creare una VM Microsoft per testare il join al dominio e per installarci RSAT che servir\u00e0 ad amministrare l’Active directory<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Il passo successivo \u00e8 la configurazione come AD DC si cancella il file \/etc\/smb\/smb.conf verr\u00e0 creato in automatico dalla configurazione root@cabrini:\/etc\/samba# samba-tool domain provision –server-role=dc –use-rfc2307 –dns-backend=SAMBA_INTERNAL –realm=ZINCOMETAL.LAN –domain=ZINCOMETAL –adminpass= cabrini-provision root@cabrini:\/etc\/samba# root@cabrini:\/etc# root@cabrini:\/etc# cp \/var\/lib\/samba\/private\/krb5.conf \/etc\/krb5.conf Un reboot per sicurezza e quindi root@cabrini:~# kinit administrator Password for administrator@MYFIRM.LAN: Warning: Your password will expire in […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,11,7,6],"tags":[147,260,256,136,149],"class_list":["post-2293","post","type-post","status-publish","format-standard","hentry","category-linux","category-samba","category-sistemi-operativi","category-work","tag-ad-dc","tag-bullseye","tag-chimaera","tag-devuan","tag-samba"],"_links":{"self":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/2293","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2293"}],"version-history":[{"count":14,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/2293\/revisions"}],"predecessor-version":[{"id":2440,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/2293\/revisions\/2440"}],"wp:attachment":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2293"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}