2012年7月20日星期五

Step by step setup samba4 with Ubuntu 12.04

Step 1 Configure network and firewall
In terminal type

Configure the Network to use a static address. Edit /etc/network/interfaces

auto lo eth0
iface lo inet loopback
iface eth0 inet static
address 10.61.61.179
netmask 255.255.0.0
gateway 10.61.4.1
dns-nameservers 10.61.61.179 8.8.8.8
dns-search samba4.jtop.net

Now run

hostname
$mail

hostname -f
$mail.jtop.net

Disable Firewall
sudo ufw disable

nano etc/sysctl.conf

Disable IPV6
net.ipv6.conf.all.disable_ipv6=1

Step 2 Install Samba4

Download samba4.0.0beta3.tar.gz from http://ftp.samba.org/pub/samba/samba4/ and save it to your HOME folder

apt-get install build-essential libacl1-dev libattr1-dev \
libblkid-dev libgnutls-dev libreadline-dev python-dev \
python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
bind9utils dnsutils samba4-clients emacs bind9

In terminal type
$cd /home
$tar –xvf samba4.0.0beta3.tar.gz ##Extract
$cd samba4.0.0beta3
$./configure
$make                     ##Compile
$make install            ##Install
$ nano /etc/hosts

10.61.61.179 mail.jtop.net

$ rm /usr/local/samba/etc/smb.conf
$ sudo /usr/local/samba/sbin/provision \
--realm=samba4.jtop.net --domain=SAMBA4 \
--adminpass= abc123!@#  --server-role=dc

Note: Domain must in capital letter (eg.SAMBA, JTOP or …)

Step 3: Configure Bind
Now you need to edit the bind configuration file to include the necessary configurations for Samba – Active Directory relies heavily on special DNS entries to find various services on the network.

Edit nano /etc/bind/named.conf and append the following line at the end:
include "/usr/local/samba/private/named.conf";

Edit nano /etc/bind/named.conf.options and append the following line at the end:
$nano etc/bind/named.conf.options
listen-on port 53 { 10.61.61.179; };
Allow-query { 10.61.61.179;any; };

Step 4: Adapt the AppArmor configuration

As Ubuntu is securing it’s services using AppArmor we need to make sure that Bind has the rights to access the files provided by Samba.

Edit nano /etc/apparmor.d/usr.sbin.named and append the following entries:

#Samba4

/usr/local/samba/etc/** rm,
/usr/local/samba/private/** rkw,
/usr/local/samba/private/dns/** rkw,
/usr/local/samba/lib/** rm,
/usr/local/samba/lib/bind9/** rkwm,
/usr/local/samba/lib/private/** rm,
/usr/lib/x86_64-linux-gnu/samba/bind9/** rm,
/usr/lib/x86_64-linux-gnu/samba/gensec/** rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/** rm,


Now reload the configuration to take effect:

/etc/init.d/apparmor reload

Step 5: Start and test Bind

Run the following command to start Bind:
 /etc/init.d/bind9 start

nano etc/bind/named.conf.options
listen-on-v6 { none; };

Step 6: Start Samba4
$/usr/local/samba/sbin/samba
$ps –x
$ps –e | grep samba

##Now you need to test that DNS is working correctly
$host -t SRV _ldap._tcp.samba4.jtop.net.
_ldap._tcp.samba4.jtop.net has SRV record 0 100 389 mail.samba4.jtop.net.

$host -t SRV _kerberos._udp.samba4.jtop.net.
_kerberos._udp.samba4.jtop.net has SRV record 0 100 88 mail.samba4.jtop.net.

$host -t A samba4.jtop.net.
samba4.jtop.net has address 10.61.61.179

Step 7 Configure Kerberos
$cp /usr/local/samba/private/krb5.conf /etc/
$vi /etc/krb5.conf

[libdefaults]
        default_realm = SAMBA4.JTOP.NET
        dns_lookup_realm = false
        dns_lookup_kdc = true

$kinit administrator@SAMBA4.JTOP.NET ß Domain must in capital letter
password= abc123!@#

$klist -e
Debugging dynamic DNS updates
The way the automatic DNS update in Samba works is that the provision will create a file /usr/local/samba/private/dns_update_list, which contains a list of DNS entries that Samba will try to dynamically update at startup and every 10 minutes thereafter using samba_dnsupdate utility. Updates will only happen if the DNS entries do not already exist. Remember that you need nsupdate utility from bind distribution for all these to work (dnsutils package in Debian/Ubuntu).

/usr/local/samba/sbin/samba_dnsupdate --verbose

Step 8 Auto start samba4 & smbd

nano /etc/rc.local
rm -rf /usr/local/samba/var/run/smbd-fileserver.conf.pid
/usr/local/samba/sbin/samba

$reboot

没有评论: