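Samba 4.8.2 has been released, so I built and installed it from the source tarball again to test it as a domain controller.
- 10.0.0.10 CentOS 7 1708 64-bit
- 10.0.0.11 Win 10 RSAT
First, change the hostname.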
- [root@localhost ~]# vi /etc/hostname
- dc01.contoso.com
- [root@localhost ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.10 dc01.contoso.com dc01
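After saving, reboot, then mount the installation disc and use it as the package source to install the dependencies.
First install the development tools group.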
- [root@dc01 ~]# cd /etc/yum.repos.d/
- [root@dc01 yum.repos.d]# mkdir /media/cdrom
- [root@dc01 yum.repos.d]# mount /dev/cdrom /media/cdrom
- [root@dc01 yum.repos.d]# yum -y --enablerepo=c7-media groupinstall "development tools"
Then install the packages Samba needs. Some of them are not strictly required; if ./configure fails, add whatever it reports as missing.
- [root@dc01 yum.repos.d]# yum -y --enablerepo=c7-media install perl gcc attr libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server libaio-devel setroubleshoot-plugins policycoreutils-python libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp perl-Test-Base popt-devel libxml2-devel libattr-devel keyutils-libs-devel cups-devel bind-utils libxslt docbook-style-xsl openldap-devel autoconf pam-devel python2-crypto libtomcrypt libtommath libidn-devel libpcap-devel cups
Upload the downloaded Samba source tarball to /tmp; it can also be fetched with wget.
- [root@dc01 yum.repos.d]# cd /tmp
- [root@localhost tmp]# ls
- samba-4.8.2.tar.gz
- [root@dc01 tmp]# tar -xvf samba-4.8.2.tar.gz
- [root@dc01 tmp]# cd samba-4.8.2/buildtools/scripts/
- [root@dc01 scripts]# ./autogen-waf.sh
- [root@dc01 scripts]# cd /tmp/samba-4.8.2
- [root@dc01 samba-4.8.2]# ./configure
- [root@dc01 samba-4.8.2]# make && make install
Comment out the includedir line in /etc/krb5.conf, otherwise promoting the server to a domain controller fails with an error.
- [root@dc01 samba-4.8.2]# vi /etc/krb5.conf
- #includedir /etc/krb5.conf.d/
- [root@DC01 ~]# cd /usr/local/samba/bin
- [root@DC01 bin]# ./samba-tool domain provision --use-rfc2307 --interactive
- Realm [CONTOSO.COM]:
- Domain [CONTOSO]:
- Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
- DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.20]: none
- Administrator password:Aa123456
- Retype password:Aa123456
Looking up IPv4 addresses
More than one IPv4 address found. Using 10.0.0.10
Looking up IPv6 addresses
No IPv6 address will be assigned
- Setting up share.ldb
- Setting up secrets.ldb
- Setting up the registry
- Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
- Adding DomainDN: DC=contoso,DC=com
- Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
- Adding users container
- Modifying users container
- Adding computers container
- Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
- Setting up self join
- Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=contoso,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Setting up fake yp server settings
Once the above files are installed, your Samba AD server will be ready to use
- Server Role: active directory domain controller
- Hostname: DC01
NetBIOS Domain: CONTOSO
DNS Domain: contoso.com
DOMAIN SID: S-1-5-21-4094272009-52109158-380737006
Add the firewall rules.
- [root@DC01 bin]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
- > firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
- > firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
- > firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
- > firewall-cmd --add-port=1024-5000/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- [root@DC01 bin]# firewall-cmd --reload
- success
- [root@DC01 bin]#
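An added example (not part of the original post): a small audit that compares the output of `firewall-cmd --permanent --list-ports` with the port list opened above and reports missing or unexpected entries. The `SAMPLE` string is constructed for illustration, and the function names are this example's own.

```shell
#!/bin/sh
# Port list copied from the firewall-cmd commands on this page.
EXPECTED="53/tcp 53/udp 88/tcp 88/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 1024-5000/tcp 3268-3269/tcp"

# in_list ITEM LIST: succeeds if ITEM is one of the space-separated words in LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_ports ACTUAL: prints expected entries that are absent from ACTUAL.
missing_ports() {
    out=""
    for p in $EXPECTED; do
        in_list "$p" "$1" || out="$out $p"
    done
    echo "${out# }"
}

# unexpected_ports ACTUAL: prints entries in ACTUAL that this page never opened.
unexpected_ports() {
    out=""
    for p in $1; do
        in_list "$p" "$EXPECTED" || out="$out $p"
    done
    echo "${out# }"
}

# Constructed sample of `firewall-cmd --permanent --list-ports` output:
# 636/tcp was forgotten and 23/tcp is left over from something else.
SAMPLE="23/tcp 53/tcp 53/udp 88/tcp 88/udp 135/tcp 137-138/udp 139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 1024-5000/tcp 3268-3269/tcp"

echo "missing:    $(missing_ports "$SAMPLE")"
echo "unexpected: $(unexpected_ports "$SAMPLE")"

# On the DC itself, feed the live rule set instead of SAMPLE:
#   actual=$(firewall-cmd --permanent --list-ports)
#   missing_ports "$actual"; unexpected_ports "$actual"
```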
Add a systemd service file for Samba.
- [root@DC01 bin]# vi /etc/systemd/system/samba.service
- [Unit]
- Description= Samba 4 Active Directory
- After=syslog.target
- After=network.target
- [Service]
- Type=forking
- PIDFile=/usr/local/samba/var/run/samba.pid
- ExecStart=/usr/local/samba/sbin/samba
- [Install]
- WantedBy=multi-user.target
Start Samba.
- [root@DC01 bin]# systemctl enable samba
- Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
- [root@DC01 bin]# systemctl start samba
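Then configure a Windows 10 virtual machine with an IP address on the same subnet and its DNS pointing to 10.0.0.10, and it can join the domain. After rebooting, log in as contoso\administrator with the password set earlier (Aa123456), then download and install RSAT to connect to and manage the domain.
Source: http://www.bubuko.com/infodetail-2612598.html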