{"id":16,"date":"2015-11-22T12:16:30","date_gmt":"2015-11-22T11:16:30","guid":{"rendered":"http:\/\/www.tomnem.cz\/wordpress\/?p=11"},"modified":"2015-11-22T12:16:30","modified_gmt":"2015-11-22T11:16:30","slug":"konfigurace-ubuntu-samba-jako-active-directory-controler","status":"publish","type":"post","link":"https:\/\/tomnem.cz\/wordpress\/index.php\/2015\/11\/22\/konfigurace-ubuntu-samba-jako-active-directory-controler\/","title":{"rendered":"Konfigurace Ubuntu Samba jako Active directory controler."},"content":{"rendered":"\n

 <\/span><\/p>\n\n\n

Tento n\u00e1vod testov\u00e1n na Ubuntu 16.04. Pro nov\u011bj\u0161\u00ed verze bude vyd\u00e1na \u00faprava.
Nakonfigurujeme s\u00ed\u0165ov\u00e9 rozhran\u00ed
\/etc\/network\/interfaces<\/span><\/span><\/p>\n\n\n

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
 address 192.168.1.80
 netmask 255.255.255.0
 network 192.168.1.0
 broadcast 192.168.1.255
 gateway 192.168.1.1
 dns-nameservers 192.168.1.80 8.8.8.8
 dns-search domov.local
\ufeff<\/pre>\n\n\n
Pro server pot\u0159ebuje pevn\u011b zadan\u00e9 hodnoty:
Nakonfigurujeme soubor \/etc\/hosts<\/span><\/p>\n\n\n
127.0.0.1 localhost
192.168.1.80 Domena.domov.local 
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters<\/pre>\n\n\n
Pot\u0159eba dopsat pln\u00e9 dom\u00e9nov\u00e9 jm\u00e9no po\u010d\u00edta\u010de a vn\u011bj\u0161\u00ed IP adresu ve druh\u00e9m \u0159\u00e1dku.
D\u00e1le mus\u00edme upravit soubor \/etc\/hostname<\/span>
Vlo\u017e\u00edme do n\u011bj pln\u00e9 dom\u00e9nov\u00e9 jm\u00e9no stroje<\/p>\n\n\n
Domena.domov.local<\/pre>\n\n\n
Provedeme restart po\u010d\u00edta\u010de.
Nainstalujeme z\u00e1vislosti pro instalaci samby se zdrojov\u00fdch kod\u016f:<\/p>\n\n\n
apt-get install git build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev libpam0g-dev ntp -y<\/pre>\n\n\n
Pozor v dialogu nastaven\u00ed pro Kerberos version 5 REARM pou\u017e\u00edt velk\u00e1 p\u00edsmena a napsat n\u00e1zev dom\u00e9ny:
DOMOV.LOCAL
V dal\u0161\u00edch ot\u00e1zk\u00e1ch pou\u017e\u00edt poze z\u00e1kladn\u00ed jm\u00e9no serveru Domena.
St\u00e1hneme Sambu<\/p>\n\n\n
git clone -b v4-1-stable git:\/\/git.samba.org\/samba.git samba4
cd samba4<\/pre>\n\n\n
D\u00e1le zkompilujeme<\/p>\n\n\n
.\/configure --enable-debug --enable-selftest
make
make install<\/pre>\n\n\n
Vytvo\u0159\u00edme konfiguraci Dom\u00e9ny:<\/p>\n\n\n
\/usr\/local\/samba\/bin\/samba-tool domain provision --realm=domov.local --domain=DOMOV --adminpass=\"heslo\" --server-role=dc --dns-backend=SAMBA_INTERNAL<\/pre>\n\n\n
Nastartujeme sambu:<\/p>\n\n\n
\/usr\/local\/samba\/sbin\/samba<\/pre>\n\n\n
Mus\u00edme zajistit pou\u017eit\u00ed intern\u00ed DNS samby:
do souboru \/etc\/rc.local<\/span><\/span> p\u0159id\u00e1me tento \u0159\u00e1dek:<\/p>\n\n\n
echo domain DOMOV.LOCAL >> \/etc\/resolv.conf<\/pre>\n\n\n
D\u00e1le mus\u00edme upravit soubor \/usr\/local\/samba\/etc\/smb.conf<\/span><\/p>\n\n\n
# Global parameters
[global]
 workgroup = DOMOV
 realm = domov.local
 netbios name = DOMENA
 server role = active directory domain controller
 dns forwarder = 8.8.8.8
[netlogon]
 path = \/usr\/local\/samba\/var\/locks\/sysvol\/domov.local\/scripts
 read only = No
[sysvol]
 path = \/usr\/local\/samba\/var\/locks\/sysvol
 read only = No
[Users]
 directory_mode: parameter = 700
 path = \/Users
 read only = No
 csc policy = documents<\/pre>\n\n\n
Nakonfigurujeme kerberos5:
soubor \/usr\/local\/samba\/share\/setup\/krb5.conf<\/span><\/span><\/p>\n\n\n
[libdefaults]
 default_realm = DOMOV.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = true
[realms]
 DOMOV.LOCAL = {
 kdc = Domena.domov.local
 admin_server = Domena.domov.local
 }<\/pre>\n\n\n
Otestujeme kerberos:<\/p>\n\n\n
kinit administrator@DOMOV.LOCAL<\/a>
klist -e<\/pre>\n\n\n
P\u0159iprav\u00edme domovsk\u00e9 adres\u00e1\u0159e u\u017eivatel\u016f:<\/p>\n\n\n
mkdir -m 770 \/Users
chmod g+s \/Users
chown root \/Users<\/pre>\n\n\n
Nastaven\u00ed parametr\u016f hesla administr\u00e1tora<\/p>\n\n\n
\/usr\/local\/samba\/bin\/samba-tool user setexpiry administrator --noexpiry<\/pre>\n\n\n
do \/etc\/rc.local <\/span>p\u0159id\u00e1me spu\u0161t\u011bn\u00ed samby<\/p>\n\n\n
\/usr\/local\/samba\/sbin\/samba<\/pre>\n","protected":false},"excerpt":{"rendered":"
  Tento n\u00e1vod testov\u00e1n na Ubuntu 16.04. Pro nov\u011bj\u0161\u00ed verze bude vyd\u00e1na \u00faprava.Nakonfigurujeme s\u00ed\u0165ov\u00e9 rozhran\u00ed\/etc\/network\/interfaces # interfaces(5) file used by ifup(8) and ifdown(8)auto loiface lo inet loopbackauto eth0iface eth0 inet static address 192.168.1.80 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 dns-nameservers 192.168.1.80 8.8.8.8 dns-search domov.local\ufeff Pro server pot\u0159ebuje pevn\u011b zadan\u00e9 hodnoty:Nakonfigurujeme soubor \/etc\/hosts 127.0.0.1 …
Pokra\u010dovat ve\u00a0\u010dten\u00ed Konfigurace Ubuntu Samba jako Active directory controler.<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":7,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/16"}],"collection":[{"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=16"}],"version-history":[{"count":0,"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/16\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/pages\/7"}],"wp:attachment":[{"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tomnem.cz\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}