Monday, February 9, 2015

Samba 4 Active Directory Domain Controller on CentOS 7 part 1



Configure active directory domain controller on CentOS 7

# nano /etc/sysconfig/network-scripts/ifcfg-ens33

Change the highlighted sections

TYPE=Ethernet

BOOTPROTO=static

DEFROUTE=yes

IPV4_FAILURE_FATAL=yes

IPV6INIT=no

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_PEERDNS=yes

IPV6_PEERROUTES=yes

IPV6_FAILURE_FATAL=no

NAME=ens33

UUID=84c05b0f-7a4f-477b-80ca-758fbddf39d9

ONBOOT=yes

HWADDR=00:0C:29:5D:DD:7D

IPADDR0=192.168.28.150

PREFIX0=24

GATEWAY0=192.168.28.2

DNS1=192.168.28.150

nano /etc/sysconfig/network

HOSTNAME=server1.sourav.com

DNS1=192.168.28.150

SEARCH=sourav.com

Restart Network

# systemctl restart network

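Disable SELinux (this turns off mandatory access control on the domain controller, which is tolerable only in a lab; SELINUX=permissive keeps denials logged without enforcing them):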

# vi /etc/selinux/config

Set SELINUX to disabled



SELINUX=disabled

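Turn off the firewall (a lab-only shortcut; a default CentOS 7 install runs firewalld rather than the iptables service, so check which one is active. On a reachable network, leave the firewall on and open only the ports the domain controller needs)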

systemctl disable iptables

systemctl stop iptables

Set DNS:

# nano /etc/resolv.conf

Add these two lines

search sourav.com

nameserver 192.168.28.150

Run Updates

# yum update -y

Install prerequisite packages

All at once

# yum install glibc glibc-devel gcc python* \
    python-devel libacl-devel krb5-workstation \
    krb5-libs pam_krb5 bind-utils wget man ntp -y

Or one at a time

# yum install glibc -y

# yum install glibc-devel -y

# yum install gcc -y

# yum install python* -y

# yum install python-devel -y

# yum install libacl-devel -y

# yum install krb5-workstation -y

# yum install krb5-libs -y

# yum install pam_krb5 -y

# yum install bind-utils -y

# yum install wget -y

# yum install man -y

# yum install ntp -y

Make and Change to samba-master directory

# mkdir /samba-master

# cd /samba-master

Remove any previous Versions of Samba

# yum remove samba* -y

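Download the latest stable version of Samba (currently 4.1.12; for me only this version worked). The URL below is plain HTTP, so check the tarball against the GPG signature published with the release before building it.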

# wget http://www.samba.org/samba/ftp/stable/samba-4.1.12.tar.gz

Un gzip the samba files

# tar -xzf samba-4.1.12.tar.gz

Change to the folder that the Samba files went into

cd samba-4.1.12

Compile and Install Samba

# ./configure --enable-selftest --enable-debug

# make

# make install

Edit Path

nano /etc/profile.d/custom.sh

Add these two lines and save

export PATH=$PATH:/usr/local/samba/sbin

export PATH=$PATH:/usr/local/samba/bin

chmod +x /etc/profile.d/custom.sh

Restart Server

# shutdown now -r

Provision Domain

# /usr/local/samba/bin/samba-tool domain provision

(Press Enter to accept the default values. The administrator password must be complex and alphanumeric, otherwise provisioning fails with an error.)

Add Samba to startup

# vi /etc/rc.d/rc.local

Add the following line and save

/usr/local/samba/sbin/samba

chmod +x /etc/rc.d/rc.local

Restart Server

# shutdown now -r

Verify Samba Version

# /usr/local/samba/sbin/samba -V

# /usr/local/samba/bin/smbclient --version

Verify Domain Info (-U% connects anonymously, with an empty user name and password)

# /usr/local/samba/bin/smbclient -L localhost -U%

Check DNS Forwarder

# vi /usr/local/samba/etc/smb.conf

Verify DNS forwarder is set to your Internet DNS IP

dns forwarder = 192.168.28.2

Verify your DNS Settings for Linux

# vi /etc/resolv.conf

Verify your nameserver is set to your AD server's IP address (the IP of the server we just set up)

search sourav.com

nameserver 192.168.28.150

Verify the DNS setting on your network interface (the file is named after your interface; earlier in this post it was ifcfg-ens33)

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Verify your DNS1 is set to your AD server's IP address (the IP of the server we just set up)

DNS1="192.168.28.2"

 #MUST CHANGE THIS TO

 YOUR HOST IP ADDRESS!!

Verify DNS is Working by Issuing the

 following commands

# host -t SRV _ldap._tcp.sourav.com.

# host -t SRV _kerberos._udp.sourav.com.

# host -t A server1.sourav.com.

Setup Kerberos

# mv /etc/krb5.conf /etc/krb5.conf.orig

# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf

# vi /etc/krb5.conf

Verify it looks like this and has your domain info

[libdefaults]

default_realm = SOURAV.COM

dns_lookup_realm = false

dns_lookup_kdc = true

Restart Server

# shutdown now -r

Test Kerberos

# kinit administrator@SOURAV.COM

# klist

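Start NTP and set it to run on startup (Kerberos rejects tickets when clocks drift too far apart, so the DC and its clients need synchronized time)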

systemctl start ntpd

systemctl enable ntpd

Source: https://www.youtube.com/watch?v=CJrKkMCnXP0




Sourav Bhattacharya

Linux Faculty/Enthusiast for 7 years

Kolkata
