Samba4 Primary¶
config eol
{
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.45"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"nom_machine": {"owner": "gen_config", "val": "eolebase"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
}
Installation¶
- add %%nom_domaine_local to hostname => wrap it in a %if for AD-type modules
- the hosts file is OK
- modify the fstab, as is done in eole-fichier, but this must also be applied to the Samba4 files (sysvol, ...)
- modify krb5.conf => make it a template
  [libdefaults]
      dns_lookup_realm = true
      dns_lookup_kdc = true
      default_realm = AC-TEST.LAN
- provision the domain
- modify smb.conf => make it a template, or use samba-tool?
  # Global parameters
  [global]
      workgroup = AC-TEST
      realm = ac-test.lan
      netbios name = EOLEBASE
      server role = active directory domain controller
      dns forwarder = 172.20.210.10
  [netlogon]
      path = /usr/local/samba/var/locks/sysvol/ac-test.lan/scripts
      read only = No
  [sysvol]
      path = /usr/local/samba/var/locks/sysvol
      read only = No
- resolv.conf file => ???
- ntp.conf file + modifications
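One way to template krb5.conf and the smb.conf [global] section from the nom_machine, nom_domaine_local and adresse_ip_dns values, written as plain shell rather than as a Creole template (added example, not part of the original notes or of EOLE; the function names ad_derive, render_krb5 and render_smb_global are hypothetical). It assumes the workgroup is the first label of the domain in upper case, which matches the values shown above, and rejects names that cannot be used as NetBIOS names.

```shell
#!/bin/sh
# Added example, not EOLE/Creole code; function names are hypothetical.
# Inputs mirror the config.eol keys nom_machine, nom_domaine_local and
# adresse_ip_dns shown on this page.

# Validate the inputs and derive REALM, WORKGROUP and NETBIOS from them.
ad_derive() {
    host=$1 domain=$2
    # Host: a single DNS label of at most 15 characters (NetBIOS limit).
    case $host in ''|*[!A-Za-z0-9-]*|-*|*-) echo "bad host: $host" >&2; return 1;; esac
    [ "${#host}" -le 15 ] || { echo "host too long for NetBIOS: $host" >&2; return 1; }
    # Domain: DNS characters only, at least two labels, no empty label.
    case $domain in *[!A-Za-z0-9.-]*|.*|*.|*..*) echo "bad domain: $domain" >&2; return 1;; esac
    case $domain in *.*) ;; *) echo "domain needs a dot: $domain" >&2; return 1;; esac
    REALM=$(printf '%s' "$domain" | tr 'a-z' 'A-Z')   # Kerberos realm is upper case
    WORKGROUP=${REALM%%.*}                            # assumption: first label
    [ "${#WORKGROUP}" -le 15 ] || { echo "workgroup too long: $WORKGROUP" >&2; return 1; }
    NETBIOS=$(printf '%s' "$host" | tr 'a-z' 'A-Z')
}

render_krb5() {  # usage: render_krb5 HOST DOMAIN
    ad_derive "$1" "$2" || return 1
    cat <<EOF
[libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true
    default_realm = $REALM
EOF
}

render_smb_global() {  # usage: render_smb_global HOST DOMAIN DNS_FORWARDER
    ad_derive "$1" "$2" || return 1
    cat <<EOF
[global]
    workgroup = $WORKGROUP
    realm = $2
    netbios name = $NETBIOS
    server role = active directory domain controller
    dns forwarder = $3
EOF
}

# Values taken from the primary's config eol on this page.
render_krb5 eolebase ac-test.lan
render_smb_global eolebase ac-test.lan 172.20.210.10
```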
EOLEization¶
Creation of a Creole dictionary that manages the "samba4" service and the opening of its TCP and UDP ports.
Migration¶
Additional packages to add as dependencies:
libldap2-dev python-ldap
Samba4 Secondary¶
config eol
{
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.46"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"nom_machine": {"owner": "gen_config", "val": "eolebase2"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
}
Installation¶
#
# SECONDARY INSTALLATION !!!!!
# the primary is 'eolebase' at 172.20.56.45
#
apt-get update
export DEBIAN_FRONTEND=noninteractive
apt-get -q -y install build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev libacl1-dev libattr1-dev libblkid-dev \
    libblkid1 libc-dev-bin libc6-dev libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev libkrb5-dev libncurses5-dev \
    libpopt-dev libreadline-gplv2-dev libssl-dev libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev python-dev \
    udev uuid-dev zlib1g-dev krb5-user
unset DEBIAN_FRONTEND

# build and install Samba from source
cd /root
tar -zxvf samba-4.1.13.tar.gz
cd samba-4.1.13
./configure --with-ldap
make
make install

# install the init script and enable it at boot
cp samba4.sh /etc/init.d/samba4
chmod 755 /etc/init.d/samba4
update-rc.d samba4 defaults

# implicit
#apt-get install ntpdate
#ntpdate pool.ntp.org
#apt-get install ntp

# Samba NTP socket
cd /usr/share/eole/creole/modif/
cp ../distrib/ntp.conf .
cat >>ntp.conf <<EOF
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
EOF
sed -i 's/restrict default kod notrap nomodify nopeer noquery/restrict default kod notrap nomodify nopeer noquery mssntp/g' ntp.conf

# Hostname FQDN
cat >hostname <<EOF
%%nom_machine.%%nom_domaine_local
EOF

gen_patch

chgrp ntp /usr/local/samba/var/lib/ntp_signd
usermod -a -G staff ntp

reconfigure

# single quotes so that $PATH is expanded at login, not when this line is written
echo 'export PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin' >> /root/.bashrc
source /root/.bashrc

# switch DNS resolution to the primary
cat >/etc/resolv.conf <<EOF
nameserver 172.20.56.45
search ac-test.lan
EOF

cat >/etc/krb5.conf <<EOF
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = AC-TEST.LAN
EOF

kinit administrator

#debug /usr/local/samba/sbin/samba -i -d9
/usr/local/samba/sbin/samba

samba-tool domain join ac-test.lan DC -U administrator --realm=ac-test.lan -W AC-TEST.LAN
samba-tool dns add 127.0.0.1 ac-test.lan ac-test.lan NS eolebase2.ac-test.lan

# switch DNS resolution to myself
cat >/etc/resolv.conf <<EOF
nameserver 127.0.0.1
search ac-test.lan
EOF
Samba4 file server¶
apt-get -q -y install build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev libacl1-dev libattr1-dev libblkid-dev \
    libblkid1 libc-dev-bin libc6-dev libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev libkrb5-dev libncurses5-dev \
    libpopt-dev libreadline-gplv2-dev libssl-dev libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev python-dev \
    udev uuid-dev zlib1g-dev krb5-user acl libldap-dev libcups2-dev
./configure --with-ads --with-shared-modules=idmap_ad
Horus Web with authentication against AD¶
config eol
{
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"bacula_dir_password": {"owner": "gen_config", "val": "efcf727bbaab47cede2a162a26601dbc0173e0c38e751040e37dacff"},
"web_url": {"owner": "gen_config", "val": "172.20.56.49"},
"activer_apache": {"owner": "gen_config", "val": "oui"},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"bacula_fd_password": {"owner": "gen_config", "val": "68e1170b2be9afddedd239dd543de50636d4045a399a43bae499f234"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"bacula_sd_password": {"owner": "gen_config", "val": "70ba154dd6c3967016ff8c533fe42724ca0c5ec612edebacb5a12e53"},
"bacula_dir_name": {"owner": "gen_config", "val": "web-dir"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"smb_workgroup": {"owner": "gen_config", "val": "domgg"},
"smb_netbios_name": {"owner": "gen_config", "val": "horus"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.49"},
"nom_machine": {"owner": "gen_config", "val": "web"},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]},
"activer_phpmyadmin": {"owner": "gen_config", "val": "oui"}
}
Installation¶
In Firefox:
about:config ==>
network.negotiate-auth.trusted-uris = ac-test.lan