Samba4 Active Directory Installation

by 박경원 · Published October 14, 2019 · Updated October 15, 2019

[Reference] https://www.tecmint.com/install-samba4-active-directory-ubuntu/

https://helia.ee/koolitus/linuxi-materjalid/debian/create-active-directory-infrastructure-samba4-ubuntu/

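After setup, for DNS to be updated automatically, the following two lines must be added to smb.conf:
vi /etc/samba/smb.conf
nsupdate command = nsupdate
allow dns updates = nonsecure
Then restart the service:
sudo systemctl restart samba-ad-dc.service
samba_dnsupdate --verbose --all-names should report no errors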

Edit and restart
[samba]
vi /etc/samba/smb.conf
sudo systemctl restart samba-ad-dc.service
[ip address]
vi /etc/network/interfaces
vi /etc/resolv.conf
sudo systemctl restart networking.service
[dhcp]
vi /etc/dhcp/dhcpd.conf
sudo systemctl restart isc-dhcp-server.service

cat /etc/samba/smb.conf

# Global parameters

[global]
workgroup = ECMDEV
realm = ECMDEV.LO
netbios name = ADC
log level = 3
server role = active directory domain controller
dns forwarder = 192.168.137.1
nsupdate command = nsupdate
allow dns updates = nonsecure
idmap_ldb:use rfc2307 = yes

template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind nss info = rfc2307

winbind enum users = yes
winbind enum groups = yes

[netlogon]
path = /var/lib/samba/sysvol/ecmdev.lo/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

[nas]
path = /nas
read only = No

[nas_test]
path = /nas_test
read only = No
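
An added example (not from the original post) that audits the smb.conf above: `allow dns updates = nonsecure` makes the DNS server accept unauthenticated dynamic updates, whereas Samba's default is `secure only`, and the writable [nas] shares carry no `valid users` or `write list`. The sample text is constructed from the page's file; the share heuristic and the function name are assumptions of this example.

```python
import configparser

# Constructed sample: the DNS-update line and share sections from the page's smb.conf.
SAMPLE_SMB_CONF = """
[global]
workgroup = ECMDEV
server role = active directory domain controller
allow dns updates = nonsecure
idmap_ldb:use rfc2307 = yes

[sysvol]
path = /var/lib/samba/sysvol
read only = No

[nas]
path = /nas
read only = No
"""

# Shares written by domain provisioning; excluded from the share heuristic.
PROVISIONED_SHARES = {"netlogon", "sysvol"}


def audit_smb_conf(text):
    """Return a list of (section, finding) pairs for settings worth reviewing."""
    # smb.conf keys may contain ':' (idmap_ldb:use rfc2307), so only '=' delimits.
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#", ";"),
                                   interpolation=None, strict=False)
    cp.read_string(text)
    findings = []

    # Samba's default is "secure only"; "nonsecure" allows updates in all cases.
    mode = cp.get("global", "allow dns updates", fallback="secure only").strip().lower()
    if mode == "nonsecure":
        findings.append(("global", "allow dns updates = nonsecure: unauthenticated "
                         "dynamic DNS updates are accepted; use 'secure only'"))

    for name in cp.sections():
        if name.lower() in PROVISIONED_SHARES or name.lower() == "global":
            continue
        sec = cp[name]
        # Only the 'read only' spelling used on the page is handled here.
        writable = sec.get("read only", "yes").strip().lower() in ("no", "false", "0")
        restricted = any(k in sec for k in ("valid users", "write list"))
        if writable and not restricted:
            findings.append((name, "writable share with no 'valid users' or "
                             "'write list'; access rests on filesystem ACLs only"))
    return findings
```
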

test@adc:~$ cat /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 192.168.137.2
nameserver 192.168.137.1
search ecmdev.lo

ls -l /dev/disk/by-uuid

test@adc:~$ cat /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=28e34a5f-f6c5-4afb-87ab-ddcf902489ab / ext4 user_xattr,acl,barrier=1,errors=remount-ro 0 1
# swap was on /dev/sda5 during installation

UUID=ae4b223b-a328-48d4-a46d-f59dea75d3ec none swap sw 0 0
UUID=71597a02-390a-4ae3-a5b7-9fb2e60bd834 /nas ext4 defaults 00
UUID=2ec2cd01-4aaf-4d2a-ad9e-b20e5110dd0c /nas_test ext4 defaults 00

test@adc:~$ cat /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto ens33
#iface ens33 inet dhcp
iface ens33 inet static
address 192.168.137.2
netmask 255.255.255.0
gateway 192.168.137.1
dns-nameservers 192.168.137.2 192.168.137.1
#dns-nameservers 192.168.137.2
dns-search ecmdev.lo

test@adc:~$ cat /etc/dhcp/dhcpd.conf

ddns-update-style none;

option domain-name "ecmdev.lo";
option domain-name-servers adc.ecmdev.lo;

default-lease-time 600;
max-lease-time 7200;

authoritative;

log-facility local7;

subnet 192.168.137.0 netmask 255.255.255.0 {
range 192.168.137.20 192.168.137.90;
option domain-name-servers adc.ecmdev.lo,192.168.137.1;
option domain-name "ecmdev.lo";
option routers 192.168.137.1;
option broadcast-address 192.168.137.255;
default-lease-time 600;
max-lease-time 7200;
}

host sysmgr-w7 {
hardware ethernet 00:0C:29:0F:74:8D;
fixed-address 192.168.137.25;
}
host pc-ctrl {
hardware ethernet 00:0C:29:9D:2C:A7;
fixed-address 192.168.137.102;
}
host ecm_dev {
hardware ethernet 00:0C:29:69:09:D7;
fixed-address 192.168.137.101;
}

test@adc:~$ sudo samba-tool domain passwordsettings show
# sudo samba-tool domain passwordsettings -h
penta@adc:~$ sudo samba-tool domain passwordsettings set --complexity=off
penta@adc:~$ sudo samba-tool domain passwordsettings set --history-length=0
penta@adc:~$ sudo samba-tool domain passwordsettings set --min-pwd-length=4
penta@adc:~$ sudo samba-tool domain passwordsettings set --min-pwd-age=0
penta@adc:~$ sudo samba-tool domain passwordsettings set --max-pwd-age=0
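
A check for the policy these commands leave behind, as an added example that is not part of the original post: it parses `samba-tool domain passwordsettings show` output and returns the flags that bring weakened settings back to a baseline. The sample output is constructed and its layout is assumed; the baseline values are an assumed policy to be replaced with your own.

```python
import re

# (label in `show` output, flag used on the page, baseline value).
# Baseline is an assumed policy for this example; substitute your own.
POLICY = [
    ("Password complexity", "--complexity", "on"),
    ("Password history length", "--history-length", 24),
    ("Minimum password length", "--min-pwd-length", 7),
    ("Minimum password age (days)", "--min-pwd-age", 1),
    ("Maximum password age (days)", "--max-pwd-age", 43),
]

# Constructed sample: what `show` would report after the page's five `set`
# commands (output layout is assumed, domain DN derived from realm ECMDEV.LO).
SAMPLE_SHOW = """\
Password information for domain 'DC=ecmdev,DC=lo'

Password complexity: off
Store plaintext passwords: off
Password history length: 0
Minimum password length: 4
Minimum password age (days): 0
Maximum password age (days): 0
"""


def parse_show(text):
    """Map each 'label: value' line to its value (ints where numeric)."""
    out = {}
    for m in re.finditer(r"^(.+?):[ \t]*(\S+)[ \t]*$", text, re.M):
        label, val = m.group(1).strip(), m.group(2)
        out[label] = int(val) if val.isdigit() else val.lower()
    return out


def is_weaker(label, current, baseline):
    if isinstance(baseline, str):          # on/off switch
        return current != baseline
    if label.startswith("Maximum"):        # 0 means passwords never expire
        return current == 0 or current > baseline
    return current < baseline


def remediation(text):
    """Return the samba-tool flags that restore weakened settings to baseline."""
    current = parse_show(text)
    return [f"{flag}={base}" for label, flag, base in POLICY
            if label in current and is_weaker(label, current[label], base)]
```
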
