Samba4 Primaire

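config eol (maquette de test : ip_ssh_eth0 / ip_admin_eth0 à 0.0.0.0 et check_passwd à « non » sont des réglages permissifs, à ne pas reprendre tels quels en production)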
{
 "libelle_etab":            {"owner": "gen_config", "val": "ACA"},
 "adresse_ip_eth0":         {"owner": "gen_config", "val": "172.20.56.45"},
 "system_mail_to":          {"owner": "gen_config", "val": "eolebase"},
 "check_passwd":            {"owner": "gen_config", "val": "non"}, 
 "nom_domaine_local":       {"owner": "gen_config", "val": "ac-test.lan"},
 "proxy_client_adresse":    {"owner": "gen_config", "val": "172.20.210.10"},
 "exim_relay_smtp":         {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
 "netmask_ssh_eth0":        {"owner": "gen_config", "val": ["0.0.0.0"]},
 "ip_admin_eth0":           {"owner": "gen_config", "val": ["0.0.0.0"]},
 "numero_etab":             {"owner": "gen_config", "val": "0000000A"},
 "nom_machine":             {"owner": "gen_config", "val": "eolebase"},
 "netmask_admin_eth0":      {"owner": "gen_config", "val": ["0.0.0.0"]},
 "domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
 "ip_ssh_eth0":             {"owner": "gen_config", "val": ["0.0.0.0"]},
 "nom_academie":            {"owner": "gen_config", "val": "ac-test"},
 "adresse_ip_gw":           {"owner": "gen_config", "val": "172.20.56.254"},
 "activer_proxy_client":    {"owner": "gen_config", "val": "oui"},
 "adresse_ip_dns":          {"owner": "gen_config", "val": ["172.20.210.10"]}
}

installation

  1. ajout de %%nom_domaine_local dans hostname => faire un %if si module de type AD
  2. le fichier hosts est OK
  3. modification de la fstab, cf. comme on fait dans eole-fichier mais devra aussi être appliqué aux fichiers de Samba4 (sysvol, ...)
    [libdefaults]
     dns_lookup_realm = true
     dns_lookup_kdc = true
     default_realm = AC-TEST.LAN
    
  4. modification du krb5.conf => templatiser
  5. provisionnement du domaine
  6. modification smb.conf => templatiser ou utiliser samba-tool ?
    # Global parameters
    [global]
        workgroup = AC-TEST
        realm = ac-test.lan
        netbios name = EOLEBASE
        server role = active directory domain controller
        dns forwarder = 172.20.210.10
    
    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/ac-test.lan/scripts
        read only = No
    
    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
    
  7. fichier resolv.conf => ???
  8. fichier ntp.conf + modifications

EOLEisation

Création d'un dictionnaire Creole gérant le service "samba4" et les ouvertures de port tcp et udp.

Migration

Paquets supplémentaires à mettre en dépendance :

libldap2-dev python-ldap

#
# INSTALLATION SECONDAIRE !!!!!

Samba4 Secondaire

config eol
{
 "libelle_etab":            {"owner": "gen_config", "val": "ACA"},
 "adresse_ip_eth0":         {"owner": "gen_config", "val": "172.20.56.46"},
 "system_mail_to":          {"owner": "gen_config", "val": "eolebase"},
 "check_passwd":            {"owner": "gen_config", "val": "non"}, 
 "nom_domaine_local":       {"owner": "gen_config", "val": "ac-test.lan"},
 "proxy_client_adresse":    {"owner": "gen_config", "val": "172.20.210.10"},
 "exim_relay_smtp":         {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
 "netmask_ssh_eth0":        {"owner": "gen_config", "val": ["0.0.0.0"]},
 "ip_admin_eth0":           {"owner": "gen_config", "val": ["0.0.0.0"]},
 "numero_etab":             {"owner": "gen_config", "val": "0000000A"},
 "nom_machine":             {"owner": "gen_config", "val": "eolebase2"},
 "netmask_admin_eth0":      {"owner": "gen_config", "val": ["0.0.0.0"]},
 "domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
 "ip_ssh_eth0":             {"owner": "gen_config", "val": ["0.0.0.0"]},
 "nom_academie":            {"owner": "gen_config", "val": "ac-test"},
 "adresse_ip_gw":           {"owner": "gen_config", "val": "172.20.56.254"},
 "activer_proxy_client":    {"owner": "gen_config", "val": "oui"},
 "adresse_ip_dns":          {"owner": "gen_config", "val": ["172.20.210.10"]}
}

installation

#
# INSTALLATION SECONDAIRE !!!!!
# le primaire est 'eolebase' en 172.20.56.45
#

# Refresh the package index before installing anything.
apt-get update

# Toolchain, development headers and Kerberos client tools used to build
# Samba 4 from source on this host.
build_deps=(
  build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev
  libacl1-dev libattr1-dev libblkid-dev libblkid1 libc-dev-bin libc6-dev
  libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev
  libkrb5-dev libncurses5-dev libpopt-dev libreadline-gplv2-dev libssl-dev
  libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev
  python-dev udev uuid-dev zlib1g-dev krb5-user
)

# noninteractive stops debconf from prompting during the install; the variable
# is removed again right after so later commands keep their normal behaviour.
export DEBIAN_FRONTEND=noninteractive
apt-get -q -y install "${build_deps[@]}"
unset DEBIAN_FRONTEND

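# Unpack, build and install Samba 4.1.13 from the tarball placed in /root.
#
# NOTE(review): the tarball is extracted and built as root with no integrity
# check. Verify its authenticity first (upstream release signature, or a
# checksum obtained over a trusted channel) before running this step.
# NOTE(review): the 4.1 series no longer receives upstream security fixes;
# treat this as a lab procedure and use a maintained release for anything
# exposed.
#
# The steps are chained with && so that a failed extract, cd, configure or
# make stops the sequence instead of running the next command as root from
# the wrong directory.
cd /root &&
  tar -zxvf samba-4.1.13.tar.gz &&
  cd samba-4.1.13 &&
  ./configure --with-ldap &&
  make &&
  make install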

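# Install the init script and register it with the boot sequence.
# NOTE(review): samba4.sh is read from the current directory and its origin
# is not shown on this page; review its content before installing it, since
# it will run as root at every boot.
#
# update-rc.d takes the keyword "defaults" (plural); "default" is rejected
# and the service would never be registered.
cp samba4.sh /etc/init.d/samba4 &&
  chmod 755 /etc/init.d/samba4 &&
  update-rc.d samba4 defaults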

#implicite
#apt-get install ntpdate
#ntpdate pool.ntp.org
#apt-get install ntp

# Samba NTP signing socket.
# Work in the Creole "modif" directory, starting from a fresh copy of the
# distributed ntp.conf template.
cd /usr/share/eole/creole/modif/
cp ../distrib/ntp.conf .

# Tell ntpd where Samba exposes its signing socket.
printf '%s\n' 'ntpsigndsocket  /usr/local/samba/var/lib/ntp_signd' >>ntp.conf

# Append "mssntp" to the default restrict line ("&" stands for the matched text).
# NOTE(review): only a line containing exactly this string is changed, so
# confirm the template really has it. Because the flag lands on
# "restrict default", signed MS-SNTP replies are offered to every client that
# can reach ntpd; restrict it to the domain's subnets if that is too broad.
sed -i 's/restrict default kod notrap nomodify nopeer noquery/& mssntp/g' ntp.conf

# Hostname template: fully qualified name built from the Creole variables.
printf '%s\n' '%%nom_machine.%%nom_domaine_local' >hostname

# EOLE tool; presumably turns the files edited above into Creole patches.
# TODO confirm against the EOLE documentation.
gen_patch

# Hand the signing-socket directory to group ntp so ntpd can reach it.
# NOTE(review): the directory mode is not set here; confirm it is not
# world-accessible (e.g. 750), since the socket signs time replies with the
# domain's machine credentials.
chown :ntp /usr/local/samba/var/lib/ntp_signd

# NOTE(review): on Debian-family systems the "staff" group is conventionally
# allowed to modify /usr/local, which is where this Samba build lives. Confirm
# the ntp service account really needs that membership.
usermod --append --groups staff ntp

# EOLE command; presumably re-applies the templates, including the patched
# ntp.conf and hostname. TODO confirm.
reconfigure

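# Make the Samba tools available in root's shell.
#
# The line is single-quoted on purpose (shellcheck SC2016): $PATH must stay
# literal in .bashrc so it is expanded at each login. With double quotes the
# PATH of the shell running this procedure would be frozen into the file.
# The Samba directories are appended after the existing entries, so they
# cannot shadow system commands.
path_line='export PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin'

# Append only once, so re-running the procedure does not stack duplicates.
# stderr is silenced because a missing .bashrc simply means "not present yet".
grep -qxF -- "$path_line" /root/.bashrc 2>/dev/null ||
  printf '%s\n' "$path_line" >>/root/.bashrc

source /root/.bashrc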

# Switch DNS resolution to the primary DC (172.20.56.45) for the join.
# NOTE(review): /etc/resolv.conf is overwritten directly; a later
# reconfigure or resolver helper may rewrite it. Verify before relying on it.
printf '%s\n' \
  'nameserver 172.20.56.45' \
  'search ac-test.lan' >/etc/resolv.conf

# Minimal Kerberos client configuration for the AC-TEST.LAN realm.
# Realm and KDC discovery are delegated to DNS, so the resolver configured
# above is what this host trusts to locate the KDC.
printf '%s\n' \
  '[libdefaults]' \
  ' dns_lookup_realm = true' \
  ' dns_lookup_kdc = true' \
  ' default_realm = AC-TEST.LAN' >/etc/krb5.conf

# Obtain a Kerberos ticket for the domain administrator (interactive prompt).
# NOTE(review): the ticket stays in root's credential cache afterwards;
# consider running `kdestroy` once the join is finished.
kinit administrator

# Debug variant: run in the foreground with maximum log level.
#debug /usr/local/samba/sbin/samba -i -d9
# NOTE(review): the daemon is started here, before the join below; confirm
# this order is intended.
/usr/local/samba/sbin/samba

# Join the existing domain as an additional domain controller. No password is
# given on the command line, so it does not end up in shell history or `ps`.
# NOTE(review): -W receives AC-TEST.LAN, whereas the primary's smb.conf shown
# on this page uses "workgroup = AC-TEST"; confirm which value is expected.
samba-tool domain join ac-test.lan DC -U administrator --realm=ac-test.lan -W AC-TEST.LAN

# Through the local DNS service (127.0.0.1), add an NS record in zone
# ac-test.lan that points at this server (eolebase2.ac-test.lan).
samba-tool dns add 127.0.0.1 ac-test.lan ac-test.lan NS eolebase2.ac-test.lan

# Switch DNS resolution to this server now that it runs its own DNS service.
# NOTE(review): with 127.0.0.1 as the only nameserver, name resolution on this
# host depends entirely on the local Samba instance being up.
printf '%s\n' \
  'nameserver 127.0.0.1' \
  'search ac-test.lan' >/etc/resolv.conf

samba4 fichier

# Build dependencies for the Samba 4 file-server variant: the same set as for
# the domain controller, plus acl, libldap-dev and libcups2-dev.
fileserver_deps=(
  build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev
  libacl1-dev libattr1-dev libblkid-dev libblkid1 libc-dev-bin libc6-dev
  libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev
  libkrb5-dev libncurses5-dev libpopt-dev libreadline-gplv2-dev libssl-dev
  libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev
  python-dev udev uuid-dev zlib1g-dev krb5-user acl libldap-dev libcups2-dev
)
apt-get -q -y install "${fileserver_deps[@]}"

# Configure the build with Active Directory support and the idmap_ad backend
# as a shared module. Runs in the current directory, which is presumably the
# unpacked Samba source tree. TODO confirm.
./configure --with-ads --with-shared-modules=idmap_ad

Horus Web avec authentification dans AD

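config eol (maquette de test : les mots de passe Bacula ci-dessous sont publiés en clair ; les régénérer avant toute réutilisation)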
{
 "check_passwd": {"owner": "gen_config", "val": "non"},
 "nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
 "proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
 "bacula_dir_password": {"owner": "gen_config", "val": "efcf727bbaab47cede2a162a26601dbc0173e0c38e751040e37dacff"},
 "web_url": {"owner": "gen_config", "val": "172.20.56.49"},
 "activer_apache": {"owner": "gen_config", "val": "oui"},
 "domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
 "exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
 "bacula_fd_password": {"owner": "gen_config", "val": "68e1170b2be9afddedd239dd543de50636d4045a399a43bae499f234"},
 "system_mail_to": {"owner": "gen_config", "val": "eolebase"},
 "ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
 "numero_etab": {"owner": "gen_config", "val": "0000000A"},
 "netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
 "bacula_sd_password": {"owner": "gen_config", "val": "70ba154dd6c3967016ff8c533fe42724ca0c5ec612edebacb5a12e53"},
 "bacula_dir_name": {"owner": "gen_config", "val": "web-dir"},
 "activer_proxy_client": {"owner": "gen_config", "val": "oui"},
 "ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
 "libelle_etab": {"owner": "gen_config", "val": "ACA"},
 "smb_workgroup": {"owner": "gen_config", "val": "domgg"},
 "smb_netbios_name": {"owner": "gen_config", "val": "horus"},
 "netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
 "adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.49"},
 "nom_machine": {"owner": "gen_config", "val": "web"},
 "nom_academie": {"owner": "gen_config", "val": "ac-test"},
 "adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
 "adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]},
 "activer_phpmyadmin": {"owner": "gen_config", "val": "oui"}
}

installation

dans firefox :
About:config ==>

network.negotiate-auth.trusted-uris = ac-test.lan

21_samba.xml.txt Voir (1,25 ko) Joël Cuissinat, 23/10/2014 13:45