Контролер домена на Ubuntu 18.04
Материал из m6a
apt-get -y install samba krb5-config winbind smbclient krb5-user
548 apt-get -y install samba krb5-config smbclient krb5-user 549 samba-tool domain provision --use-rfc2307 --interactive 550 mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp 551 samba-tool domain provision --use-rfc2307 --interactive 552 systemctl stop smbd nmbd winbind 553 systemctl disable smbd nmbd winbind 554 systemctl mask smbd nmbd winbind 555 systemctl unmask samba-ad-dc 556 systemctl start samba-ad-dc 557 systemctl enable samba-ad-dc 558 history 559 vi /etc/netplan/50-cloud-init.yaml 560 vi /etc/resolv.conf 561 ln -s /var/lib/samba/private/krb5.conf /etc/ 562 rm /etc/krb5.conf 563 ln -s /var/lib/samba/private/krb5.conf /etc/ 564 smbclient -L localhost -U% 565 reboot 566 smbclient -L localhost -U% 567 smbclient //localhost/netlogon -UAdministrator -c 'ls' 568 host -t SRV _ldap._tcp.serg.local. 569 host -t SRV _kerberos._udp.serg.local 570 host -t SRV _kerberos._udp.serg.local. 571 host -t A fs.serg.local 572 kinit administrator 573 history 574 vi /etc/netplan/50-cloud-init.yaml 575 vi /etc/resolv.conf 576 klist 577 vi /etc/samba/smb.conf 578 netstat -tulpn | grep ":53" 579 service bind9 stop 580 systemctl disable bind9.service 581 reboot 582 netstat -tulpn | grep ":53" 583 history 584 host -t SRV _ldap._tcp.serg.local. 585 host -t SRV _kerberos._udp.serg.local 586 host -t SRV _kerberos._udp.serg.local. 587 host -t A fs.serg.local 588 kinit administrator 589 kinit administrator@serg.local 590 vi /etc/krb5.conf 591 smbclient -L localhost -U% 592 apt-get -y install krb5-config krb5-user 593 kinit administrator 594 date 595 vi /etc/krb5.conf 596 host -t A SERG.LOCAL 597 vi /etc/krb5.conf 598 host SERG.LOCAL 599 apt-get -y install libpam-krb5 600 kinit administrator 601 reboot 602 kinit administrator 603 samba-tool domain provision --use-rfc2307 --interactive 604 kinit administrator 605 cat /etc/hosts 606 cat /etc/krb5.conf 607 vi /etc/krb5.conf 608 reboot 609 kinit administrator 610 history
vi /etc/krb5.conf
[libdefaults]
default_realm = SERG.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
- The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true
- The following libdefaults parameters are only for Heimdal Kerberos.
fcc-mit-ticketflags = true
[realms]
SERG.LOCAL = {
kdc = fs.serg.local
admin_server = fs.serg.local
default_domain = serg.local
}
[domain_realm]
.serg.local = SERG.LOCAL serg.local = SERG.LOCAL
[logging]
default = FILE:/var/log/kerberos/krb5-libs.log kdc = FILE:/var/log/kerberos/krb5-kdc.log admin_server = FILE:/var/log/kerberos/krb5-admin.log
