# Host identity for the future domain controller (root shell; the indented
# lines are the values to set inside each file).
# vi /etc/sysconfig/network
#   HOSTNAME=dc1.zsuvoz.cz
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
#   IPADDR=192.168.101.1
#   NETMASK=255.255.255.0
#
# The next line is in hosts-file format (address, FQDN, short name), presumably
# the DC's own /etc/hosts entry. The DC's FQDN should map to its LAN address
# there rather than to 127.0.0.1.
# NOTE(review): 10.0.0.9 does not match IPADDR above (192.168.101.1), and later
# steps use dc1.ad.zsuvoz.cz rather than dc1.zsuvoz.cz. Confirm which values
# are real before provisioning; a DC's name and address are awkward to change
# afterwards.
10.0.0.9 dc1.zsuvoz.cz dc1
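# Register the SerNet Samba 4.1 repository and install SerNet's build key
# (run as root).
#
# The download host requires subscription credentials. Do not put them in the
# URL: a user:password@host URL is saved in shell history and is visible in the
# process list while wget runs. SERNET_USER is a placeholder variable for your
# account name; --ask-password makes wget prompt for the access key instead.
# Treat any access key that has been pasted into a URL on a shared page or in
# a shell history as exposed, and rotate it.
cd /etc/yum.repos.d/ &&
  wget --user="${SERNET_USER:?set SERNET_USER to your SerNet account name}" \
    --ask-password \
    https://download.sernet.de/packages/samba/4.1/centos/6/sernet-samba-4.1.repo &&
  # yum needs the credentials in baseurl/gpgkey of this file, so make it
  # readable by root only.
  chmod 600 sernet-samba-4.1.repo

# Back to root's home directory for the key package.
# NOTE(review): the key package is fetched over plain HTTP, so the download
# itself is not authenticated. Check the key fingerprint against one obtained
# from SerNet over a trusted channel before relying on it.
cd &&
  wget http://ftp.sernet.de/pub/sernet-build-key-1.1-4.noarch.rpm &&
  rpm -i sernet-build-key-1.1-4.noarch.rpm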
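# /etc/yum.repos.d/sernet-samba-4.1.repo
#
# USERNAME and ACCESSKEY are placeholders for your own SerNet subscription
# credentials. Because they are stored here in clear text, keep this file
# owned by root with mode 0600, and do not publish a copy with real values
# filled in.
# The URLs use exactly two slashes after "https:"; a third slash leaves the
# host part empty and yum cannot reach the repository.
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (centos-6)
type=rpm-md
baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/centos/6/
# Keep signature checking on so yum rejects packages that are not signed by
# the key below.
gpgcheck=1
gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/centos/6/repodata/repomd.xml.key
enabled=1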
# Install the SerNet Samba packages for an AD domain controller, the Samba
# client tools, and the Kerberos client utilities (kinit, klist) used in the
# checks further down. Run as root.
yum install -y \
  sernet-samba \
  sernet-samba-ad \
  sernet-samba-client \
  krb5-workstation
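# Provision the new AD domain (run as root).
#   --use-rfc2307        store POSIX (RFC 2307) attributes in the directory
#   --interactive        ask for realm, domain, role, DNS settings and password
#   --function-level     domain/forest functional level
#   --use-ntvfs          use the NTVFS file server
# NOTE(review): confirm --use-ntvfs is really wanted here; it is not the
# default file server.
# With --interactive the Administrator password is typed at a prompt, so it
# does not end up in shell history or in the process list.
samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2 --use-ntvfs

# Prompts shown by the command (defaults in brackets, Enter accepts them):
#   Realm [DOMAIN.ZSUVOZ.CZ]:
#    Domain [DOMAIN]:
#    Server Role (dc, member, standalone) [dc]:
#    DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
#    DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.1]:
#   Administrator password: ********
#   Retype password: ********
#
# NOTE(review): the later checks on this page use ad.zsuvoz.cz / AD.ZSUVOZ.CZ,
# so the realm actually entered was presumably AD.ZSUVOZ.CZ rather than the
# default shown above. Confirm before copying. The realm cannot simply be
# renamed after provisioning.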
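# Start the Samba AD DC service (run as root).
samba

# List the shares anonymously ("-U%" = empty user name, empty password).
# A freshly provisioned DC should offer netlogon, sysvol and IPC$.
smbclient -L localhost -U%
# Expected output:
#   Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.x.y]
#
#           Sharename       Type      Comment
#           ---------       ----      -------
#           netlogon        Disk
#           sysvol          Disk
#           IPC$            IPC       IPC Service (Samba 4.x.y)
#   Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.x.y]
#
#           Server               Comment
#           ---------            -------
#
#           Workgroup            Master
#           ---------            -------

# Authenticated test: list the netlogon share as Administrator.
# Let smbclient prompt for the password. Do not append it to -U, because
# command-line arguments are kept in shell history and shown in the process
# list.
smbclient //localhost/netlogon -UAdministrator -c 'ls'
# Expected output:
#   Enter Administrator's password:
#   Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.x.y]
#     .                                   D        0  Sat Jul  5 08:40:00 2014
#     ..                                  D        0  Sat Jul  5 08:40:00 2014
#
#                   49386 blocks of size 524288. 42093 blocks available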
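# Resolver configuration (resolv.conf directives, one per line), presumably
# /etc/resolv.conf on the DC. The DC must resolve the AD zone through its own
# internal DNS server, so the nameserver entry points at the DC itself.
domain ad.zsuvoz.cz
nameserver 10.0.0.9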
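# Check that the AD DNS zone answers. Clients locate the DC through these SRV
# records, so a domain join or Kerberos login fails if they are missing.
# NOTE(review): the sample answers below name dc1.samdom.example.com and
# 192.168.1.1, which do not match this domain (ad.zsuvoz.cz) or the addresses
# used elsewhere on the page. They look copied from generic example output.
# On this DC the records should name dc1.ad.zsuvoz.cz and return the DC's real
# address.

# LDAP service record (port 389).
host -t SRV _ldap._tcp.ad.zsuvoz.cz.
#   _ldap._tcp.ad.zsuvoz.cz has SRV record 0 100 389 dc1.samdom.example.com.

# Kerberos KDC service record (port 88).
host -t SRV _kerberos._udp.ad.zsuvoz.cz.
#   _kerberos._udp.ad.zsuvoz.cz has SRV record 0 100 88 dc1.samdom.example.com.

# Address record of the DC itself.
host -t A dc1.ad.zsuvoz.cz.
#   dc1.ad.zsuvoz.cz has address 192.168.1.1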
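# Kerberos client setup and test (run as root).

# Install the krb5.conf from Samba's private directory (presumably the one
# written by the provision step) as the system-wide Kerberos configuration.
# This overwrites any existing /etc/krb5.conf, so keep a copy first if the
# host already had one.
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf

# Request a ticket for the domain Administrator. The realm is written in
# upper case. The password is prompted for, never passed as an argument.
kinit administrator@AD.ZSUVOZ.CZ
#   Password for administrator@AD.ZSUVOZ.CZ:
#   Warning: Your password will expire in 41 days on Sat Aug 16 21:41:28 2014

# Show the ticket that was obtained.
klist
#   Ticket cache: FILE:/tmp/krb5cc_0
#   Default principal: administrator@AD.ZSUVOZ.CZ
#
#   Valid starting     Expires            Service principal
#   07/05/14 23:20:17  07/06/14 09:20:17  krbtgt/AD.ZSUVOZ.CZ@AD.ZSUVOZ.CZ
#           renew until 07/06/14 23:20:15
#
# The cache file now holds a domain-administrator ticket that stays valid until
# the expiry shown above. Once the test is done, run kdestroy to remove it
# rather than leaving it in /tmp.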
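# Time synchronisation (run as root). Kerberos rejects requests when the
# client and DC clocks differ by more than the permitted skew, so the clock
# should be correct before the kinit test and on every machine that joins the
# domain.

# One-off correction against the public pool while ntpd is not yet running.
ntpdate 0.centos.pool.ntp.org

# Keep the clock in sync from now on, including after a reboot.
service ntpd start
chkconfig ntpd on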
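# Same share checks, presumably run from another machine on the network.
# DC_IP stands for the address of the domain controller. The page's unquoted
# <ip_dc> placeholder would be read by the shell as an input redirection.
# NOTE(review): typing the domain Administrator password on an arbitrary client
# exposes it to that host. An unprivileged test account is enough for a
# connectivity check.

# List the DC's shares by address.
smbclient -L "${DC_IP:?set DC_IP to the address of the DC}" -U Administrator

# List the netlogon share by the DC's short name (tests name resolution too).
smbclient //DC1/netlogon -UAdministrator -c 'ls'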