Create an Active Directory Infrastructure with Samba4 on Ubuntu - Part 1


Samba is free, open-source software that provides standard interoperability between Windows and Linux/Unix operating systems.

Samba can operate as a standalone file and print server for Windows and Linux clients through the SMB/CIFS protocol suite, or it can act as an Active Directory Domain Controller or be joined into a Realm as a Domain Member. The highest AD DC domain and forest level that Samba4 can currently emulate is Windows 2008 R2.

The series is titled Setting Up Samba4 Active Directory Domain Controller and covers topics for Ubuntu, CentOS, and Windows.

This tutorial starts by explaining all the steps you need to take care of in order to install and configure Samba4 as a Domain Controller on Ubuntu 16.04 and Ubuntu 14.04.

This configuration provides a central management point for users, machines, volume shares, permissions and other resources in a mixed Windows - Linux infrastructure.

Requirements:

  1. Ubuntu 16.04 Server Installation.
  2. Ubuntu 14.04 Server Installation.
  3. A static IP address configured for your AD DC server.

Step 1: Initial Configuration for Samba4

1. Before proceeding with the Samba4 AD DC installation, let's run a few prerequisite steps. First, make sure the system is up to date with the latest security features, kernels and packages by issuing the commands below:

$ sudo apt-get update 
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade

2. Next, open the machine's /etc/fstab file and confirm that the file system of your partitions has ACLs enabled.

Usually, common modern Linux file systems such as ext3, ext4, xfs or btrfs support ACLs and have them enabled by default. If that is not the case with your file system, open the /etc/fstab file for editing and add the acl string at the end of the third column, then reboot the machine to apply the changes.

3. Finally, set your machine hostname to a descriptive name, such as adc1 used in this example, by editing the /etc/hostname file or by issuing:

$ sudo hostnamectl set-hostname adc1

A reboot is necessary after you have changed your machine name in order to apply the changes.

Step 2: Install Required Packages for Samba4 AD DC

4. To turn your server into an Active Directory Domain Controller, install Samba and all the required packages on your machine by issuing the command below with root privileges in a console.

$ sudo apt-get install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind

5. While the installation is running, the installer asks a series of questions in order to configure the domain controller.

On the first screen you need to enter a name for the default Kerberos REALM in uppercase. Enter the name you will be using for your domain in uppercase and hit Enter to continue.

6. Next, enter the hostname of the Kerberos server for your domain. Use the same name as for your domain, in lowercase this time, and hit Enter to continue.

7. Finally, specify the hostname of the administrative server for your Kerberos realm. Use the same value as for your domain and hit Enter to finish the installation.

Step 3: Provision Samba AD DC for Your Domain

8. Before starting to configure Samba for your domain, first run the commands below in order to stop and disable all Samba daemons.

$ sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
$ sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service

9. Next, rename or remove the original Samba configuration. This step is strictly required before provisioning Samba AD, because at provisioning time Samba creates a new configuration file from scratch and throws errors if it finds an old smb.conf file.

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.initial

10. Now, start the domain provisioning interactively by issuing the command below with root privileges, and accept the default options that Samba offers.

Also, make sure you supply the IP address of a DNS forwarder on your premises (or an external one) and choose a strong password for the Administrator account. If you choose a weak password for the Administrator account, the domain provisioning will fail.

$ sudo samba-tool domain provision --use-rfc2307 --interactive

11. Finally, rename or remove the main Kerberos configuration file from the /etc directory and replace it with a symlink to the Kerberos file newly generated by Samba, located in the /var/lib/samba/private path, by issuing the commands below:

$ sudo mv /etc/krb5.conf /etc/krb5.conf.initial
$ sudo ln -s /var/lib/samba/private/krb5.conf /etc/

12. Start and enable the Samba Active Directory Domain Controller daemons.

$ sudo systemctl start samba-ad-dc.service
$ sudo systemctl status samba-ad-dc.service
$ sudo systemctl enable samba-ad-dc.service

13. Next, use the netstat command to verify the list of all services that the domain controller needs in order to run properly.

$ sudo netstat -tulpn | egrep 'smbd|samba'
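
The netstat check above can be turned into a pass/fail test that names the listeners that are missing. The following is an added example, not part of the original tutorial; the expected port list and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list expected Samba AD DC TCP listeners that are missing
# from `netstat -tulpn` output supplied on stdin.
# Assumption: the port list below is the usual AD DC service set
# (DNS, Kerberos, RPC, NetBIOS session, LDAP, SMB, kpasswd, LDAPS, GC).
EXPECTED_TCP="53 88 135 139 389 445 464 636 3268 3269"

missing_dc_ports() {
    # Local ports of TCP/TCP6 sockets in LISTEN state, one per line.
    listening=$(awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); print a[n] }' | sort -un)
    missing=""
    for p in $EXPECTED_TCP; do
        printf '%s\n' "$listening" | grep -qx "$p" || missing="$missing $p"
    done
    # Empty output means every expected port has a listener.
    printf '%s\n' "${missing# }"
}

# Constructed sample (not captured from a real host): kpasswd (464) is
# present on UDP only and the global catalog over TLS (3269) is absent.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN   1187/samba
tcp        0      0 0.0.0.0:88       0.0.0.0:*        LISTEN   1182/samba
tcp        0      0 0.0.0.0:135      0.0.0.0:*        LISTEN   1176/samba
tcp        0      0 0.0.0.0:139      0.0.0.0:*        LISTEN   1174/smbd
tcp        0      0 0.0.0.0:389      0.0.0.0:*        LISTEN   1180/samba
tcp        0      0 0.0.0.0:445      0.0.0.0:*        LISTEN   1174/smbd
tcp        0      0 0.0.0.0:636      0.0.0.0:*        LISTEN   1180/samba
tcp6       0      0 :::3268          :::*             LISTEN   1180/samba
udp        0      0 0.0.0.0:464      0.0.0.0:*                 1182/samba'

# On the DC itself:  sudo netstat -tulpn | missing_dc_ports
printf '%s\n' "$SAMPLE" | missing_dc_ports
```

The same listing is also the inventory of what the DC exposes on the network, so it is the natural input for the host firewall rules.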

Step 4: Final Samba Configurations

14. At this point Samba should be fully operational on your premises. The highest domain level Samba emulates should be Windows AD DC 2008 R2.

This can be verified with the help of the samba-tool utility.

$ sudo samba-tool domain level show

15. For DNS resolution to work locally, you need to open and edit the network interface settings and point DNS resolution at the domain controller: change the dns-nameservers statement to the IP address of your domain controller (use 127.0.0.1 for local DNS resolution) and the dns-search statement to point to your realm.

$ sudo cat /etc/network/interfaces
$ sudo cat /etc/resolv.conf

When finished, reboot your server and take a look at your resolver file to make sure it points back to the right DNS name servers.

16. Finally, test the DNS resolver by issuing queries and pings against some crucial AD DC records, as shown below. Replace the domain name accordingly.

$ ping -c3 tecmint.lan         #Domain Name
$ ping -c3 adc1.tecmint.lan   #FQDN
$ ping -c3 adc1               #Host

Run the following few queries against the Samba Active Directory Domain Controller.

$ host -t A tecmint.lan
$ host -t A adc1.tecmint.lan
$ host -t SRV _kerberos._udp.tecmint.lan  # UDP Kerberos SRV record
$ host -t SRV _ldap._tcp.tecmint.lan # TCP LDAP SRV record
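
Clients locate the KDC and LDAP service through these SRV records, so it is worth checking where they point and not only that they resolve. The following is an added example, not part of the original tutorial; it reuses the page's tecmint.lan and adc1 names, and the resolver answers in `lookup` are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example: check that the AD locator SRV records point at the DC.
DOMAIN=tecmint.lan          # domain name used on this page
DC=adc1.tecmint.lan         # DC FQDN used on this page

# srv_ok PORT TARGET: reads `host -t SRV` output on stdin and succeeds only
# if at least one record matches and no record names another port or host.
# Assumption: single-DC domain, as built in this tutorial.
srv_ok() {
    awk -v port="$1" -v target="$2" '
        / has SRV record / {
            # Line ends with: <priority> <weight> <port> <target>.
            t = tolower($NF); sub(/\.$/, "", t)
            if ($(NF-1) == port && t == tolower(target)) found = 1
            else bad = 1
        }
        END { exit !(found && !bad) }'
}

# Constructed resolver answers (not real output) so the example runs
# offline. On the DC, replace the body with:  host -t SRV "$1"
lookup() {
    case "$1" in
        _kerberos._udp."$DOMAIN") echo "$1 has SRV record 0 100 88 $DC." ;;
        _ldap._tcp."$DOMAIN")     echo "$1 has SRV record 0 100 389 $DC." ;;
        *)                        echo "Host $1 not found: 3(NXDOMAIN)" ;;
    esac
}

check_dc_srv() {
    rc=0
    for rec in _kerberos._udp:88 _ldap._tcp:389; do
        name="${rec%%:*}.$DOMAIN"; port="${rec##*:}"
        if lookup "$name" | srv_ok "$port" "$DC"; then
            echo "OK   $name -> $DC:$port"
        else
            echo "FAIL $name"; rc=1
        fi
    done
    return $rc
}

check_dc_srv
```

A record that resolves but names a different host or port fails the check, as does an NXDOMAIN answer.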

17. Also, verify Kerberos authentication by requesting a ticket for the domain administrator account and listing the cached ticket. Write the domain name portion in uppercase.

$ kinit [email 
$ klist

That's all! You now have a fully operational AD Domain Controller on your network, and you can start integrating Windows or Linux machines into Samba AD.

In the next part of the series we'll cover other Samba AD topics, such as how to manage your domain controller from the Samba command line, how to integrate Windows 10 into the domain and manage Samba AD using RSAT, and other important topics.