Configure active directory domain controller on CentOS 7
# nano /etc/sysconfig/network-scripts/ifcfg-ens33
Change the highlighted sections
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=84c05b0f-7a4f-477b-80ca-758fbddf39d9
ONBOOT=yes
HWADDR=00:0C:29:5D:DD:7D
IPADDR0=192.168.28.150
PREFIX0=24
GATEWAY0=192.168.28.2
DNS1=192.168.28.150
nano /etc/sysconfig/network
HOSTNAME=server1.sourav.com
DNS1=192.168.28.150
SEARCH=sourav.com
Restart Network
# systemctl restart network
Disable SELINUX:
# vi /etc/selinux/config
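Set SELINUX to disabled. Note that this turns off mandatory access control for every service on the domain controller, not only Samba; if the goal is just to get through the install, SELINUX=permissive keeps denials logged so enforcing mode can be restored afterwards.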
SELINUX=disabled
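Turn off IPTables (CentOS 7 normally runs firewalld rather than the iptables service, so check which one is active). With the host firewall off, every listening service on the DC is reachable from the network; the tighter alternative is to keep it running and allow only the AD services clients need, such as DNS (53), Kerberos (88), LDAP (389) and SMB (445).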
systemctl disable iptables
systemctl stop iptables
Set DNS:
# nano /etc/resolv.conf
Add these two lines
search sourav.com
nameserver 192.168.28.150
Run Updates
# yum update -y
Install prerequisite packages
All at once
# yum install glibc glibc-devel gcc python*
python-devel libacl-devel krb5-workstation
krb5-libs pam_krb5 bind-utils wget man ntp -y
Or one at a time
# yum install glibc -y
# yum install glibc-devel -y
# yum install gcc -y
# yum install python* -y
# yum install python-devel -y
# yum install libacl-devel -y
# yum install krb5-workstation -y
# yum install krb5-libs -y
# yum install pam_krb5 -y
# yum install bind-utils -y
# yum install wget -y
# yum install man -y
# yum install ntp -y
Make and Change to samba-master directory
# mkdir /samba-master
# cd /samba-master
Remove any previous Versions of Samba
# yum remove samba* -y
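Download latest stable version of Samba
(currently 4.1.12)(for me only this version worked)
Note: 4.1.12 was current when this was written; the 4.1 series no longer receives security fixes, so check samba.org for a supported release before building a production DC. The command below fetches the tarball over plain HTTP, so verify it against the GnuPG signature (.tar.asc) published alongside it before unpacking.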
# wget http://www.samba.org/samba/ftp/stable/samba-4.1.12.tar.gz
Extract the Samba tarball
# tar -xzf samba-4.1.12.tar.gz
Change to the folder that the Samba files went into
cd samba-4.1.12
Compile and Install Samba
# ./configure --enable-selftest --enable-debug
# make
# make install
Edit Path
nano /etc/profile.d/custom.sh
Add these two lines and save
export PATH=$PATH:/usr/local/samba/sbin
export PATH=$PATH:/usr/local/samba/bin
chmod +x /etc/profile.d/custom.sh
Restart Server
# shutdown now -r
Provision Domain
# /usr/local/samba/bin/samba-tool domain provision
(Just type enter to accept the default values,
the password should be complex alphanumeric
otherwise an error will arise)
Add Samba to startup
# vi /etc/rc.d/rc.local
Add the following line and save
/usr/local/samba/sbin/samba
chmod +x /etc/rc.d/rc.local
Restart Server
# shutdown now -r
Verify Samba Version
# /usr/local/samba/sbin/samba -V
# /usr/local/samba/bin/smbclient --version
Verify Domain Info
# /usr/local/samba/bin/smbclient -L localhost -U%
Check DNS Forwarder
# vi /usr/local/samba/etc/smb.conf
Verify DNS forwarder is set to your Internet DNS IP
dns forwarder = 192.168.28.2
Verify your DNS Settings for Linux
# vi /etc/resolv.conf
Verify your nameserver is set to your AD Servers IP Address
(The IP of the Server we just setup)
search sourav.com
nameserver 192.168.28.150
Verify DNS setting on your network interface (open the file for your own interface; it was ifcfg-ens33 at the start of this guide)
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Verify your DNS1 is set to your AD Server's IP Address
(The IP of the Server we just set up)
DNS1="192.168.28.2"
# MUST CHANGE THIS TO YOUR HOST IP ADDRESS!! (192.168.28.150 in this walkthrough)
Verify DNS is Working by Issuing the
following commands
# host -t SRV _ldap._tcp.sourav.com.
# host -t SRV _kerberos._udp.sourav.com.
# host -t A server1.sourav.com.
Setup Kerberos
# mv /etc/krb5.conf /etc/krb5.conf.orig
# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
# vi /etc/krb5.conf
Verify it looks like this and has your domain info
[libdefaults]
default_realm = SOURAV.COM
dns_lookup_realm = false
dns_lookup_kdc = true
Restart Server
# shutdown now -r
Test Kerberos
# kinit administrator@SOURAV.COM
# klist
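Start NTP and set it to run on startup (Kerberos rejects authentication when the clocks of client and DC differ by more than the allowed skew, five minutes by default, so the DC needs a reliable time source)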
systemctl start ntpd
systemctl enable ntpd
Source: https://www.youtube.com/watch?v=CJrKkMCnXP0
Sourav Bhattacharya
Linux Faculty/Enthusiast for 7 years
Kolkata