Samba AD-DC pada Debian 8 as Windows 2008R2 server replacement¶
Persiapan umum (hosts, hostname, resolv.conf, fstab)¶
#!/bin/bash
#
nano /etc/hosts
#
#
127.0.0.1 localhost localhost.localdomain
10.20.2.254 DC1.sub.domain.local DC1
#
#
nano /etc/hostname
#
#
DC1
#
#
# https://wiki.samba.org/index.php/Linux_and_Unix_DNS_Configuration
nano /etc/resolv.conf
#
#
search sub.domain.local
nameserver 10.10.1.254
#
#
reboot now
Build-Install-Cleanup: krb5, ntp4 & samba4¶
krb5 - depedencies¶
#
apt-get build-dep krb5
krb5 - compile¶
# http://web.mit.edu/kerberos/krb5-current/doc/build/index.html
# http://web.mit.edu/kerberos/krb5-current/doc/build/doing_build.html
# http://techpubs.spinlocksolutions.com/dklar/kerberos.html
#
# krb5 1.15.
mkdir -p $HOME/packages-stable
cd $HOME/packages-stable
KRB5_RELEASE="1.16"
KRB5_STABLE="krb5-1.16.3"
KRB5_PGP_SIG="krb5-$KRB5_RELEASE/$KRB5_STABLE"
curl -O https://web.mit.edu/kerberos/dist/krb5/$KRB5_RELEASE/$KRB5_STABLE.tar.gz
curl -O https://web.mit.edu/kerberos/dist/krb5/$KRB5_RELEASE/$KRB5_STABLE.tar.gz.asc
curl -O http://web.mit.edu/kerberos/$KRB5_PGP_SIG.sig
tar zxvf $KRB5_STABLE.tar.gz
#
apt-get install dirmngr
#
gpg --no-default-keyring --keyring vendors.gpg --keyserver pgp.mit.edu --recv-key 0CBA08575F8372DF
gpg --verify --verbose --keyring vendors.gpg ./$KRB5_STABLE.tar.gz.asc
#
cd $KRB5_STABLE/src
#
apt-get install libreadline-dev
#
# make uninstall && make distclean
./configure --with-readline --enable-dns-for-realm --exec-prefix=/usr/local
#./configure --exec-prefix=/usr
make -j 5
make check
make install
#
krb5-config --version
gnutls3 - TLS requirement GnuTLS >= 3.4.7¶
# https://gitlab.com/gnutls/gnutls
#
apt-get build-dep gnutls-bin
apt-get install build-essential libgmp-dev
#nettle-bin nettle-dev
#
GNUNETTLE_URL="https://ftp.gnu.org/gnu/nettle"
GNUNETTLE_RELEASE="nettle-3.4"
wget -cSv $GNUNETTLE_URL/$GNUNETTLE_RELEASE.tar.gz
wget -cSv $GNUNETTLE_URL/$GNUNETTLE_RELEASE.tar.gz.sig
tar zxvf $GNUNETTLE_RELEASE.tar.gz
cd $GNUNETTLE_RELEASE
./configure --help
# ./configure
#./configure --exec-prefix=/usr
./configure --exec-prefix=/usr/local
make
make check
make install
#
ls -la /usr/local/lib | grep nettle
ln -sv /usr/local/lib/libnettle.so.6.4 /usr/lib/libnettle.so.6.4
#ln -sv /usr/lib/libnettle.so.6.4 /usr/lib/libnettle.so
ls -la /usr/lib | grep nettle
#
ln -sv /usr/local/lib/libhogweed.so.4.4 /usr/lib/libhogweed.so.4.4
#ln -sv /usr/lib/libhogweed.so.4.4 /usr/lib/libhogweed.so
ls -la /usr/lib | grep hogweed
#
#
GNUTLS_URL="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6"
GNUTLS_RELEASE="gnutls-3.6.5"
wget -cSv $GNUTLS_URL/$GNUTLS_RELEASE.tar.xz
wget -cSv $GNUTLS_URL/$GNUTLS_RELEASE.tar.xz.sig
cd ..
tar -xvf $GNUTLS_RELEASE.tar.xz
cd $GNUTLS_RELEASE
./configure --help
# ./configure --with-included-libtasn1 --without-p11-kit
#./configure --with-included-libtasn1 --with-included-unistring
#./configure --prefix=/usr/local --enable-shared --with-included-libtasn1 --with-included-unistring --with-libdir=lib64 --with-libnettle-prefix=/usr/local
# ./configure --with-included-libtasn1 --with-included-unistring --without-p11-kit
./configure --with-libdir=lib64 --with-libnettle-prefix=/usr/local
make
make check
make install
#
ln -sv /usr/local/lib/libgnutls.so.28 /usr/lib/libgnutls.so.28
ln -sv /usr/lib/libgnutls.so.28 /usr/lib/libgnutls.so
gnutls-cli -v
ntp4 - depedencies & build¶
#
apt-get build-dep ntp
# https://askubuntu.com/questions/345183/configuration-options-while-apt-get-installing
# git clone https://anonscm.debian.org/git/pkg-ntp/pkg-ntp.git/
cd $HOME/packages-stable
NTPD_URL="https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2"
NTPD_RELEASE="ntp-4.2.8p12"
curl -O $NTPD_URL/$NTPD_RELEASE.tar.gz && \
curl -O $NTPD_URL/$NTPD_RELEASE.tar.gz.md5
tar zxvf $NTPD_RELEASE.tar.gz
#
md5sum $NTPD_RELEASE.tar.gz
cat $NTPD_RELEASE.tar.gz.md5
cd $NTPD_RELEASE
# sudo su
make uninstall && make distclean
./configure --enable-ntp-signd
make -j 5
make install
samba4 - clean up¶
# periksa dan hentikan segala layanan
ps axjf | egrep "samba|smbd|nmbd|winbindd"
#
systemctl status samba-ad-dc smbd nmbd winbindd
systemctl stop samba-ad-dc smbd nmbd winbindd
systemctl disable samba-ad-dc
# bersih2 jika sebelumnya ada installasi samba
smbd -b | grep "CONFIGFILE"
#
cat /usr/local/samba/etc/smb.conf
rm /usr/local/samba/etc/smb.conf
#
smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
#
# find on directory
# filter just *.tdb and *.ldb
# remove what found with the filter
find /usr/local/samba/ -type f -print | egrep "tdb$|ldb$" | xargs ls -lh
find /usr/local/samba/ -type f -print | egrep "tdb$|ldb$" | xargs rm -v
#
cat /etc/krb5.conf
mv /etc/krb5.conf{,.orig}
rm /etc/krb5.conf
#
reboot now
samba4 - depedencies¶
#
apt-get build-dep samba
#
apt-get install \
acl \
attr \
dnsutils \
gdb \
krb5-user \
libjansson-dev \
libjansson4 \
libjson-perl \
python-crypto \
python-gpgme \
python-m2crypto \
python-setproctitle \
python-setproctitle-dbg
# python-systemd
#
acl attr autoconf bison build-essential debhelper dnsutils docbook-xml \
docbook-xsl flex gdb krb5-user libacl1-dev libaio-dev libattr1-dev \
libblkid-dev libbsd-dev libcap-dev libcups2-dev libgpgme11-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl libpopt-dev \
libreadline-dev libsystemd-dev perl perl-modules pkg-config python-all-dev \
python-crypto python-dev python-dnspython python-gpgme python-m2crypto \
xsltproc zlib1g-dev
#
# Notes for packages usage:
# - `libgnutls-dev` -> `libgnutls28-dev` on Debian >= 8
# - `perl-modules-5.24` on Debian 9
# - `libsystemd-dev` if planning using systemd
# - `libgpgme11-dev`, `python-gpgme`, `python-m2crypto` for building samba >= 4.5.0
#
# libgnutls28-dev
# libkrb5-dev krb5-multidev libauthen-krb5-admin-perl krb5-admin-server
samba4 - compile, building & install¶
# https://wiki.samba.org/index.php/Build_Samba_from_Source# sudo make install
# samba terbaru
# https://blog.svedr.in/posts/configuring-ntpd-for-a-samba-4-domain.html
# mkdir -p $HOME/packages-stable
cd $HOME/packages-stable
SAMBA4_URL="https://download.samba.org/pub/samba"
SAMBA4_RELEASE="samba-4.9.4"
curl -O $SAMBA4_URL/$SAMBA4_RELEASE.tar.gz && \
curl -O $SAMBA4_URL/$SAMBA4_RELEASE.tar.asc && \
curl -O $SAMBA4_URL/samba-pubkey.asc
gpg --import ./samba-pubkey.asc
gunzip $SAMBA4_RELEASE.tar.gz
gpg --verify --verbose ./$SAMBA4_RELEASE.tar.asc
tar xvf $SAMBA4_RELEASE.tar
cd $SAMBA4_RELEASE
# for samba4 as active directory & domain controller
# ./configure --sbindir=/sbin/ --sysconfdir=/etc/samba/ --mandir=/usr/share/man/ --with-system-mitkrb5 --enable-selftest --enable-debug
./configure --with-system-mitkrb5 --enable-gnutls --enable-selftest --enable-debug
# make distclean
make -j 5
# make test
make install
#
export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH
samba4 - updating (optional)¶
SAMBA4_PATCHES_URL="https://download.samba.org/pub/samba/patches"
SAMBA4_PATCH="samba-4.7.3-4.7.4.diffs"
SAMBA4_RELEASE="samba-4.7.3"
cd $HOME/packages-stable
wget -O /tmp/patch.txt $SAMBA4_PATCHES_URL/$SAMBA4_PATCH.gz
gunzip $SAMBA4_PATCH.gz
cd $SAMBA4_RELEASE
patch -p 1 < ../$SAMBA4_PATCH
make uninstall && make distclean
./configure --with-system-mitkrb5 --enable-selftest --enable-debug
make -j 5
make install
samba4 - provisioning¶
#
rm -v /usr/local/samba/etc/smb.conf
rm -v /usr/local/samba/private/kdc.conf
rm -v /usr/local/samba/private/krb5.conf
#
samba-tool domain provision --help
#
samba-tool domain provision --interactive --use-rfc2307 --option="interfaces = lo eth0" --option="bind interfaces only = yes"
# samba-tool domain provision --interactive --use-rfc2307 \
# --realm=DILI.IAGS.LOCAL \
# --domain=DILI \
# --server-role=dc \
# --dns-forwarder=8.8.8.8 \
# --dns-backend=SAMBA_INTERNAL \
# --option="interfaces = lo ens18" \
# --option="bind interfaces only = yes"
##
# The Kerberos KDC configuration for Samba AD is located at /usr/local/samba/private/kdc.conf
# A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
# ports
# 88, 464,
cat /etc/resolv.conf
cat /usr/local/samba/etc/smb.conf
cat /usr/local/samba/private/{krb5,kdc}.conf
#
cat /etc/krb5.conf
mv /etc/krb5.conf{,.orig}
cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
Managing services: krb5, ntp4 & samba4¶
krb5 - as is¶
krb5 tidak membutuhkan services sendiri, karena akan otomatis dipanggil oleh samba4
dianjurkan sejak Debian 9 menggunakan systemd
ntp4 - create ntp.sevice & ntp.conf¶
# https://digitalbarbedwire.com/2015/05/16/debianubuntu-systemd-ntp-and-something-called-timesyncd/
#
# rm /etc/systemd/system/systemd-timesyncd.service
# systemctl stop systemd-timesyncd.service
# systemctl disable systemd-timesyncd.service
# systemctl status systemd-timesyncd.service
# systemctl mask systemd-timesyncd.service
# systemctl daemon-reload
#
nano /lib/systemd/system/ntp.service
# nano /etc/systemd/system/ntp.service
#
#
# ln -s /lib/systemd/system/ntp.service /etc/systemd/system/ntp.service
systemctl enable ntp
#
systemctl daemon-reload
#
nano /etc/ntp.conf
#
ntpd -q
#
systemctl stop ntp && systemctl start ntp && systemctl status ntp
#
samba4 - modified smb.conf for local user mapping¶
# Create user map file
# https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User
#
nano /etc/smb.conf
#
#
# Domain admin account mapping to local root
username map = /usr/local/samba/etc/user.map
#
#
nano /usr/local/samba/etc/user.map
#
#
!root = DILI\Administrator
#
samba4 - create samba-ad-dc.service daemon¶
#
nano /etc/systemd/system/samba-ad-dc.service
#
# enable automatic start
systemctl enable samba-ad-dc
systemctl daemon-reload
systemctl stop samba-ad-dc && systemctl start samba-ad-dc && systemctl status samba-ad-dc
systemctl restart samba-ad-dc
systemctl status samba-ad-dc
Testing instalation result¶
ntp4 - time syncronization¶
#
# https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_DC
##
ls -ld /usr/local/samba/var/lib/ntp_signd/
#
# chown root:staff /usr/local/samba/var/lib/ntp_signd/
chmod 750 /usr/local/samba/var/lib/ntp_signd/
#
reboot now
samba4 - configuring internal dns forwarder¶
# Rujukan: https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Setting_up_a_DNS_Forwarder
#
# nano /usr/local/samba/etc/smb.conf
ln -s /usr/local/samba/etc/smb.conf /etc/
nano /etc/smb.conf
#
#
# dns forwarder = 8.8.8.8
#
#
systemctl restart samba-ad-dc.service
apt install net-tools
netstat -plunt4 | grep ":53"
#
#
tcp 0 0 192.168.88.15:53 0.0.0.0:* LISTEN 914/samba tcp 0 0 192.168.88.15:53 0.0.0.0:* LISTEN 914/samba
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 914/samba
udp 0 0 192.168.88.15:53 0.0.0.0:* 914/samba
udp 0 0 127.0.0.1:53 0.0.0.0:* 914/samba
#
#
krb5 - verifying¶
# Rujukan: https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
#
kinit [email protected]
# Precatious on bellow command, might be dangerous if someone break in to the root or nonsudo login
samba-tool user setexpiry administrator --noexpiry
#
klist
#
smbd -b | grep HAVE_LIBKADM5SRV_MIT
# HAVE_LIBKADM5SRV_MIT
smbd -b | grep HAVE_JSON_OBJECT
# HAVE_JSON_OBJECT
smbd -b | grep "PRIVATE_DIR"
# PRIVATE_DIR: /usr/local/samba/private/
krb5 - verifying kerberos started as part of samba unit daemon¶
ps axjf | egrep "samba|krb"
samba4 - testing local connection¶
#
systemctl status samba-ad-dc
smbclient -L localhost -U%
#
smbclient //localhost/netlogon -UAdministrator -c 'ls'
#
systemctl restart samba-ad-dc
samba4 - verifying internal dns¶
#
host -t SRV _ldap._tcp.dili.iags.local.
# SRV _ldap._tcp.dili.iags.local has SRV record 0 100 389 dc1.dili.iags.local.
host -t SRV _kerberos._udp.dili.iags.local.
# _kerberos._udp.dili.iags.local has SRV record 0 100 88 dc1.dili.iags.local.
host -t A dc1.dili.iags.local.
# dc1.dili.iags.local has address 10.10.1.254
Managing service content¶
samba-tool - DNS Administration¶
# https://wiki.samba.org/index.php/DNS_Administration#Administering_DNS_on_Linux.2FUnix
#
# Creating a new zone
# samba-tool dns zonecreate <Your-AD-DNS-Server-IP-or-hostname> 0.99.10.in-addr.arpa
samba-tool dns zonecreate dc1.dili.iags.local 1.10.10.in-addr.arpa -U administrator
#
# Adding an A record
# samba-tool dns add <Your-AD-DNS-Server-IP-or-hostname> samdom.example.com demo A 10.99.0.55
samba-tool dns add 10.10.1.254 dili.iags.local dc1 A 10.10.1.254 -U administrator
samba-tool dns add 10.10.1.254 dili.iags.local fs1 A 10.10.1.252 -U administrator
samba-tool dns add 10.10.1.254 dili.iags.local wskng0 A 10.10.1.101 -U administrator
#
# Adding a PTR record to a reverse zone
# samba-tool dns add <Your-AD-DNS-Server-IP-or-hostname> 0.99.10.in-addr.arpa 55 PTR demo.samdom.example.com
samba-tool dns add 10.10.1.254 1.10.10.in-addr.arpa 254 PTR dc1.dili.iags.local -U administrator
samba-tool dns add 10.10.1.254 1.10.10.in-addr.arpa 252 PTR fs1.dili.iags.local -U administrator
samba-tool dns add 10.10.1.254 1.10.10.in-addr.arpa 101 PTR wskng0.dili.iags.local -U administrator
#
# Adding a SRV record to _tcp.dili.iags.local
# samba-tool dns add <Your-AD-DNS-Server-IP-or-hostname> samdom.example.com _demo._tcp SRV 'demo.samdom.example.com 8080 0 100'
# samba-tool dns add dc1.dili.iags.local dili.iags.local _webmin._tcp SRV 'webmin.dili.iags.local 10000 0 100' -U administrator
#
# Listing existing zones
samba-tool dns zonelist dc1.dili.iags.local --primary -U administrator
# samba-tool dns zonelist 10.10.1.101 --secondary -U administrator
# samba-tool dns zonelist 192.168.88.15 --primary -U administrator
# samba-tool dns zonelist 192.168.88.15 --secondary -U administrator
#
# Listing zone information
samba-tool dns zoneinfo dc1.dili.iags.local dili.iags.local -U administrator
# samba-tool dns zoneinfo 192.168.88.15 iags.local -U administrator
#
# Listing zone records
samba-tool dns query dc1.dili.iags.local dili.iags.local @ ALL -U administrator
# samba-tool dns query 192.168.88.15 iags.local @ ALL -U administrator
Microsoft Windows RSAT - DNS Administration¶
samba_dnsupdate - testing & troubleshoting dynamic DNS¶
# https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
# https://wiki.samba.org/index.php/Samba_internal_DNS_Back_End#Troubleshooting
#
# samba_dnsupdate --verbose --all-name
samba_dnsupdate --verbose
#
# cat /usr/local/samba/private/dns_update_list
#
nano /usr/local/samba/etc/smb.conf
#
#
# Setting up Dynamic DNS Updates Using Kerberos
allow dns updates = nonsecure
#
#
smbcontrol all reload-config && testparm
# samba_dnsupdate --verbose --all-name
samba_dnsupdate --verbose
samba4 - port usages¶
# https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
# Port checking for Kerberos, NTP, Samba
netstat -plunt4 | egrep "samba|smbd|nmbd|winbind|krb|ntp"
#
#
DNS (samba intenal DNS) 53 tcp/udp
Kerberos 88 tcp/udp
NTP 123 tcp
End Point Mapper (DCE/RPC Locator Service) 135 tcp
NetBIOS Name Service 137 udp
NetBIOS Datagram 138 udp
NetBIOS Session 139 tcp
LDAP 389 tcp/udp
SMB over TCP 445 tcp
Kerberos kpasswd 464 tcp/udp
LDAPS 636 tcp
Dynamic RPC Ports *** 49152-65535 tcp
Global Catalog 3268 tcp
Global Catalog SSL ** 3269 tcp
Winbindd - home & shell template¶
# https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
#
nano /usr/local/samba/etc/smb.conf
#
#
# Winbindd template parameters
template shell = /bin/bash
template homedir = /home/%U
#
#
net cache flush
smbcontrol all reload-config && testparm
systemctl restart samba-ad-dc && systemctl status samba-ad-dc
#
ps axjf | egrep "winbindd"
# 6754 6945 6944 6754 pts/0 6944 S+ 1000 0:00 \_ grep -E winbindd 6754 6945 6944 6754 pts/0 6944 S+ 1000 0:00 \_ grep -E winbindd
# 6903 6909 6909 6909 ? -1 Ss 0 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
# 6909 6912 6909 6909 ? -1 S 0 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
wbinfo --ping-dc
# checking the NETLOGON for domain[IAGS] dc connection to "dili.iags.local" succeeded
Atur Name Service Switch¶
#
# https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC#Identity_Mapping_on_a_Samba_Domain_Controller
# https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC#Configuring_the_Name_Service_Switch
nano /etc/nsswitch.conf
#
# https://wiki.samba.org/index.php/Libnss_winbind_Links
rm -v /lib/x86_64-linux-gnu/libnss_winbind*
ln -sv /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/
ln -sv /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
ls -la /lib/x86_64-linux-gnu/ | grep winbind
ldconfig --verbose
#
smbcontrol all reload-config && testparm
systemctl restart samba-ad-dc && systemctl status samba-ad-dc
#
Setting up RFC2307 in AD¶
# https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
#
# Verifying That the NIS Extensions Are Installed in Active Directory
ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=dili,DC=iags,DC=local cn
#
# # record 1
# dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=dili,DC=iags,DC=local
# cn: ypservers
#
# # returned 1 records
# # 1 entries
# # 0 referrals
#
#
# Installing the NIS Extensions
samba-tool fsmo show | grep SchemaMasterRole
#
# SchemaMasterRole SchemaMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dili,DC=iags,DC=local
smb.conf - FINAL¶
#
systemctl stop samba-ad-dc.service
mv -v /usr/local/samba/etc/smb.conf{,.orig}
nano /etc/smb.conf
#
systemctl start samba-ad-dc.service
systemctl status samba-ad-dc.service
Authenticating Domain Users Using PAM¶
# https://wiki.samba.org/index.php/Pam_winbind_Link
# https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM
# !!! Incorrect PAM settings can you lock out from your system !!!
#
uname -m
#
smbd -b | grep "WITH_PAM"
#
# WITH_PAM
#
# Locating the `pam_winbind.so` Library
find / -type f -name pam_winbind.so
#
# /usr/local/samba/lib/security/pam_winbind.so
#
# Link the library from this directory to your operating system's PAM module directory
ls -la /lib/x86_64-linux-gnu/security/ | grep winbind
ln -vs /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/
#
pam-auth-update --help
Granting the SeDiskOperatorPrivilege Privilege¶
# https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
# !!! You need to grant the SeDiskOperatorPrivilege privilege on the Samba server that holds the share. !!!
net rpc rights grant "DILI\Domain Admins" SeDiskOperatorPrivilege -U "DILI\administrator"
# Enter DILI\administrator's password:
# Successfully granted rights.
#
# Checking
net rpc rights list privileges SeDiskOperatorPrivilege -U "DILI\administrator"
# Enter DILI\administrator's password:
# SeDiskOperatorPrivilege:
# DILI\Domain Admins
#
Samba - confirm domain & add user¶
#
samba-tool domain level show
#
samba-tool user create #username
Using ldbedit on a Domain Controller¶
# https://wiki.samba.org/index.php/User_Home_Folders#Using_ldbedit_on_a_Domain_Controller
#
ldbedit -e nano -H /usr/local/samba/private/sam.ldb 'sAMAccountName=iags_admin'
#
#
homeDrive: H:
homeDirectory: \\stor1\Users\iags_admin\
#
#
smbcontrol all reload-config && testparm
Joining clients¶
Rujukan: https://wiki.samba.org/index.php/Joining_a_Windows_Client_or_Server_to_a_Domain
Windows 10¶
Jika mendapatkan ip melalui DHSP server pastikan IP, gateway, dan DNS sudah menunjuk ke tujuan yang tepat.
- Buka
Control Panel - Pilih
System and Security>System - Click
Change settings - On
Computer nametekan tombolChange - Ubah nama komputer jika diperlukan, pastikan restart setelah melakukan perubahan nama
- Pilih
Domain> ketikkan iags.local - Ketikkan nama pengguna saat membuat Samba AD DC, secara bawaan adalah administrator, dan ketikkan kata sandi