Контроллер домена SAMBA 4
Установка Samba4 из пакетов
Debian/Ubuntu
# apt install samba winbind
# rm /etc/samba/smb.conf
Инициализация домена
server# samba-tool domain provision --use-rfc2307 --interactive
...
Realm [CORPX.UN]:
Domain [CORPX]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [172.16.1.254]:
Administrator password: Pa$$w0rd
Retype password: Pa$$w0rd
...
server# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
server# testparm
debian# systemctl disable smbd
debian# systemctl unmask samba-ad-dc.service
debian# systemctl enable samba-ad-dc.service
server# cat /etc/samba/smb.conf
[global]
ldap server require strong auth = no
...
server# init 6
server# cat /etc/resolv.conf
search corpX.un
nameserver 127.0.0.1
Управление доменом
Управление пользователями
# samba-tool user create user1 'Pa$$w0rd1' --given-name Ivan --initials I --surname Ivanov --uid-number 10001 --gid-number 10001 --login-shell /bin/bash --unix-home /home/user1
# samba-tool group add guser1 --nis-domain=CORP13 --gid-number=10001
# samba-tool user create user2 --given-name Petr --initials P --surname Petrov
# samba-tool user setpassword user2
# samba-tool user list
Управление DNS
# kinit Administrator
# samba-tool dns add server corpX.un gate A 192.168.X.1
# samba-tool dns delete server corpX.un gate A 192.168.X.1
# samba-tool dns add server corpX.un _xmpp-client._tcp SRV 'gate.corpX.un 5222 0 0'
Управление всем остальным