Building and installing Samba 4.8.2 from source as a domain controller


Samba 4.8.2 has been released, so here is another test build from the source tarball, set up as a domain controller.


10.0.0.10 CentOS 7 (1708) 64-bit

10.0.0.11 Win 10 RSAT


First, set the hostname.

# vi /etc/hostname

dc01.contoso.com

# vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.0.10   dc01.contoso.com dc01

After saving, you can reboot, then mount the installation disc and use it as the package source for the dependencies.

First, install the development tools group.

# cd /etc/yum.repos.d/

# mkdir /media/cdrom

# mount /dev/cdrom /media/cdrom

# yum -y --enablerepo=c7-media groupinstall "development tools"

Then install the packages Samba needs. Some of them are not strictly required; if ./configure fails, add more.

# yum -y --enablerepo=c7-media install perl gcc attr libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server libaio-devel setroubleshoot-plugins policycoreutils-python libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp perl-Test-Base popt-devel libxml2-devel libattr-devel keyutils-libs-devel cups-devel bind-utils libxslt docbook-style-xsl openldap-devel autoconf pam-devel python2-crypto libtomcrypt libtommath libidn-devel libpcap-devel cups


Upload the downloaded Samba source tarball to /tmp; it can also be downloaded with wget.

# cd /tmp

# ls

samba-4.8.2.tar.gz

# tar -xvf samba-4.8.2.tar.gz

# cd samba-4.8.2/buildtools/scripts/

# ./autogen-waf.sh

# cd /tmp/samba-4.8.2

# ./configure

# make && make install


Comment out the includedir line in /etc/krb5.conf; otherwise promoting the host to a domain controller fails with an error.

# vi /etc/krb5.conf

#includedir /etc/krb5.conf.d/


# cd /usr/local/samba/bin

# ./samba-tool domain provision --use-rfc2307 --interactive

Realm [CONTOSO.COM]:

 Domain [CONTOSO]:

 Server Role (dc, member, standalone) [dc]:

 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:

 DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.20]: none

Administrator password:Aa123456

Retype password:Aa123456

Looking up IPv4 addresses

More than one IPv4 address found. Using 10.0.0.10

Looking up IPv6 addresses

No IPv6 address will be assigned

Setting up share.ldb

Setting up secrets.ldb

Setting up the registry

Setting up the privileges database

Setting up idmap db

Setting up SAM db

Setting up sam.ldb partitions and settings

Setting up sam.ldb rootDSE

Pre-loading the Samba 4 and AD schema

Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs


Adding DomainDN: DC=contoso,DC=com

Adding configuration container

Setting up sam.ldb schema

Setting up sam.ldb configuration data

Setting up display specifiers

Modifying display specifiers and extended rights

Adding users container

Modifying users container

Adding computers container

Modifying computers container

Setting up sam.ldb data

Setting up well known security principals

Setting up sam.ldb users and groups

Setting up self join

Adding DNS accounts

Creating CN=MicrosoftDNS,CN=System,DC=contoso,DC=com

Creating DomainDnsZones and ForestDnsZones partitions

Populating DomainDnsZones and ForestDnsZones partitions

Setting up sam.ldb rootDSE marking as synchronized

Fixing provision GUIDs

A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf

Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!

Setting up fake yp server settings

Once the above files are installed, your Samba AD server will be ready to use

Server Role:           active directory domain controller

Hostname:              DC01

NetBios Domain:        CONTOSO

DNS Domain:            contoso.com

DOMAIN SID:            S-1-5-21-4094272009-52109158-380737006


Add the firewall rules.

# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \

> firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \

> firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \

> firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \

> firewall-cmd --add-port=1024-5000/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent

success

success

success

success

success

success

success

success

success

success

success

success

success

success

success

# firewall-cmd --reload

success
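
A check worth running once the rules above are loaded, written here as an added example that is not part of the original post: it compares the ports opened in firewalld with the sockets that are actually listening. The helper name `audit_ports` and both sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare the ports opened in firewalld with the listening sockets.

# Constructed sample of `firewall-cmd --list-ports` (subset of the rules above).
FW_SAMPLE='53/tcp 53/udp 88/tcp 137-138/udp 445/tcp 636/tcp 1024-5000/tcp'

# Constructed sample of `ss -tuln` output, not captured from a real DC.
SS_SAMPLE='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 10.0.0.10:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:88 0.0.0.0:*
udp UNCONN 0 0 10.0.0.10:137 0.0.0.0:*
tcp LISTEN 0 128 :::445 :::*
tcp LISTEN 0 128 0.0.0.0:636 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:49152 0.0.0.0:*
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

# audit_ports FW_PORTS SS_OUTPUT (hypothetical helper)
# Prints "LISTEN-BLOCKED port/proto" for non-loopback listeners no rule covers
# and "OPEN-UNUSED spec" for firewall rules with no listener inside them.
audit_ports() {
  printf '%s\n' "$2" | awk -v fw="$1" '
    BEGIN {
      n = split(fw, spec, " ")
      for (i = 1; i <= n; i++) {          # parse "port/proto" or "lo-hi/proto"
        split(spec[i], a, "/"); split(a[1], r, "-")
        lo[i] = r[1] + 0; hi[i] = (r[2] == "" ? r[1] : r[2]) + 0; pr[i] = a[2]
      }
    }
    ($1 == "tcp" || $1 == "udp") && NF >= 5 {
      addr = $5; port = addr; sub(/.*:/, "", port)
      if (addr ~ /^127\./ || addr ~ /^\[?::1\]?:/) next   # loopback only
      key = port "/" $1
      if (seen[key]++) next                               # same port on v4 and v6
      covered = 0
      for (i = 1; i <= n; i++)
        if (pr[i] == $1 && port + 0 >= lo[i] && port + 0 <= hi[i]) { used[i] = 1; covered = 1 }
      if (!covered) print "LISTEN-BLOCKED " key
    }
    END {
      for (i = 1; i <= n; i++) if (!used[i]) print "OPEN-UNUSED " spec[i]
    }'
}

audit_ports "$FW_SAMPLE" "$SS_SAMPLE"
```

On a real host, pass it `"$(firewall-cmd --list-ports)"` and `"$(ss -tuln)"`. Samba 4.7 and later take dynamic RPC ports from 49152-65535 by default, so a listener there is reported as LISTEN-BLOCKED, while a 1024-5000/tcp rule with nothing listening behind it is reported as OPEN-UNUSED.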


Add a systemd service file for Samba.

# vi /etc/systemd/system/samba.service

[Unit]

Description=Samba 4 Active Directory

After=syslog.target

After=network.target


[Service]

Type=forking

PIDFile=/usr/local/samba/var/run/samba.pid

ExecStart=/usr/local/samba/sbin/samba


[Install]

WantedBy=multi-user.target


Start Samba.

# systemctl enable samba

Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.

# systemctl start samba


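Then give a Windows 10 virtual machine an IP address on the same subnet and point its DNS at 10.0.0.10, and it can join the domain. After rebooting, log in as contoso\administrator with the password that was set (Aa123456), then download and install RSAT to connect to and manage the domain.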

