Samba4 » Historique » Version 13
Version 12 (Gilles Grandgérard, 23/10/2014 13:52) → Version 13/14 (Joël Cuissinat, 23/10/2014 13:56)
h1. Samba4 Primaire
h2. config eol
<pre><code class="JSON">
{
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.45"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"nom_machine": {"owner": "gen_config", "val": "eolebase"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
}
</code></pre>
h2. instalation
# ajout de %%nom_domaine_local dans @hostname@ => faire un %if si module de type AD
# le fichier @hosts@ est OK
# modification de la fstab, cf. comme on fait dans @eole-fichier@ mais devra aussi être appliqué aux fichiers de Samba4 (sysvol, ...)
<pre>
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = AC-TEST.LAN
</pre>
# modification du @krb5.conf@ => templatiser
# provisionnement du domaine
# modification smb.conf => templatiser ou utilisser samba-tool ?
<pre>
# Global parameters
[global]
workgroup = AC-TEST
realm = ac-test.lan
netbios name = EOLEBASE
server role = active directory domain controller
dns forwarder = 172.20.210.10
[netlogon]
path = /usr/local/samba/var/locks/sysvol/ac-test.lan/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
</pre>
# fichier resolv.conf => ???
# fichier ntp.conf + modifications
h2. EOLEisation
Création d'un dictionnaire Creole gérant le service "samba4" et les ouvertures de port tcp et udp.
h2. Migration
Paquets supplémentaires à mettre en dépendance :
<pre>
libldap2-dev python-ldap
</pre>
<pre>
#
# INSTALLATION SECONDAIRE !!!!!
</pre>
h1. Samba4 Secondaire
h2. config eof
<pre><code class="JSON">
{
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.46"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"nom_machine": {"owner": "gen_config", "val": "eolebase2"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
}
</code></pre>
h2. instalation
<pre>
#
# INSTALLATION SECONDAIRE !!!!!
# le primaire est 'eolebase' en 172.20.56.45
#
apt-get update
export DEBIAN_FRONTEND=noninteractive
apt-get -q -y install build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev libacl1-dev libattr1-dev libblkid-dev \
libblkid1 libc-dev-bin libc6-dev libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev libkrb5-dev libncurses5-dev \
libpopt-dev libreadline-gplv2-dev libssl-dev libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev python-dev \
udev uuid-dev zlib1g-dev krb5-user
unset DEBIAN_FRONTEND
cd /root
tar -zxvf samba-4.1.13.tar.gz
cd samba-4.1.13
./configure --with-ldap
make
make install
cp samba4.sh /etc/init.d/samba4
chmod 755 /etc/init.d/samba4
update-rc.d samba4 default
#implicite
#apt-get install ntpdate
#ntpdate pool.ntp.org
#apt-get install ntp
# socket NTP Samba
cd /usr/share/eole/creole/modif/
cp ../distrib/ntp.conf .
cat >>ntp.conf <<EOF
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
EOF
sed -i 's/restrict default kod notrap nomodify nopeer noquery/restrict default kod notrap nomodify nopeer noquery mssntp/g' ntp.conf
# Hostname FQDN
cat >hostname <<EOF
%%nom_machine.%%nom_domaine_local
EOF
gen_patch
chgrp ntp /usr/local/samba/var/lib/ntp_signd
usermod -a -G staff ntp
reconfigure
echo "export PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin" >> /root/.bashrc
source /root/.bashrc
#bascule sur primaire
cat >/etc/resolv.conf <<EOF
nameserver 172.20.56.45
search ac-test.lan
EOF
cat >/etc/krb5.conf <<EOF
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = AC-TEST.LAN
EOF
kinit administrator
#debug /usr/local/samba/sbin/samba -i -d9
/usr/local/samba/sbin/samba
samba-tool domain join ac-test.lan DC -U administrator --realm=ac-test.lan -W AC-TEST.LAN
samba-tool dns add 127.0.0.1 ac-test.lan ac-test.lan NS eolebase2.ac-test.lan
#bascule sur moi
cat >/etc/resolv.conf <<EOF
nameserver 127.0.0.1
search ac-test.lan
EOF
</pre>
h1. samba4 fichier
<pre>
apt-get -q -y install build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev libacl1-dev libattr1-dev libblkid-dev \
libblkid1 libc-dev-bin libc6-dev libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev libkrb5-dev libncurses5-dev \
libpopt-dev libreadline-gplv2-dev libssl-dev libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev python-dev \
udev uuid-dev zlib1g-dev krb5-user acl libldap-dev libcups2-dev
./configure --with-ads --with-shared-modules=idmap_ad
</pre>
h1. Horus Web avec authentification dans AD
h2. config eol
<pre><code class="JSON">
{
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"bacula_dir_password": {"owner": "gen_config", "val": "efcf727bbaab47cede2a162a26601dbc0173e0c38e751040e37dacff"},
"web_url": {"owner": "gen_config", "val": "172.20.56.49"},
"activer_apache": {"owner": "gen_config", "val": "oui"},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"bacula_fd_password": {"owner": "gen_config", "val": "68e1170b2be9afddedd239dd543de50636d4045a399a43bae499f234"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"bacula_sd_password": {"owner": "gen_config", "val": "70ba154dd6c3967016ff8c533fe42724ca0c5ec612edebacb5a12e53"},
"bacula_dir_name": {"owner": "gen_config", "val": "web-dir"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"smb_workgroup": {"owner": "gen_config", "val": "domgg"},
"smb_netbios_name": {"owner": "gen_config", "val": "horus"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.49"},
"nom_machine": {"owner": "gen_config", "val": "web"},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
"activer_phpmyadmin": {"owner": "gen_config", "val": "oui"}
}
</code></pre>
h2. instalation
h2. config eol
<pre><code class="JSON">
{
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.45"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"nom_machine": {"owner": "gen_config", "val": "eolebase"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
}
</code></pre>
h2. instalation
# ajout de %%nom_domaine_local dans @hostname@ => faire un %if si module de type AD
# le fichier @hosts@ est OK
# modification de la fstab, cf. comme on fait dans @eole-fichier@ mais devra aussi être appliqué aux fichiers de Samba4 (sysvol, ...)
<pre>
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = AC-TEST.LAN
</pre>
# modification du @krb5.conf@ => templatiser
# provisionnement du domaine
# modification smb.conf => templatiser ou utilisser samba-tool ?
<pre>
# Global parameters
[global]
workgroup = AC-TEST
realm = ac-test.lan
netbios name = EOLEBASE
server role = active directory domain controller
dns forwarder = 172.20.210.10
[netlogon]
path = /usr/local/samba/var/locks/sysvol/ac-test.lan/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
</pre>
# fichier resolv.conf => ???
# fichier ntp.conf + modifications
h2. EOLEisation
Création d'un dictionnaire Creole gérant le service "samba4" et les ouvertures de port tcp et udp.
h2. Migration
Paquets supplémentaires à mettre en dépendance :
<pre>
libldap2-dev python-ldap
</pre>
<pre>
#
# INSTALLATION SECONDAIRE !!!!!
</pre>
h1. Samba4 Secondaire
h2. config eof
<pre><code class="JSON">
{
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.46"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"nom_machine": {"owner": "gen_config", "val": "eolebase2"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
}
</code></pre>
h2. instalation
<pre>
#
# INSTALLATION SECONDAIRE !!!!!
# le primaire est 'eolebase' en 172.20.56.45
#
apt-get update
export DEBIAN_FRONTEND=noninteractive
apt-get -q -y install build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev libacl1-dev libattr1-dev libblkid-dev \
libblkid1 libc-dev-bin libc6-dev libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev libkrb5-dev libncurses5-dev \
libpopt-dev libreadline-gplv2-dev libssl-dev libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev python-dev \
udev uuid-dev zlib1g-dev krb5-user
unset DEBIAN_FRONTEND
cd /root
tar -zxvf samba-4.1.13.tar.gz
cd samba-4.1.13
./configure --with-ldap
make
make install
cp samba4.sh /etc/init.d/samba4
chmod 755 /etc/init.d/samba4
update-rc.d samba4 default
#implicite
#apt-get install ntpdate
#ntpdate pool.ntp.org
#apt-get install ntp
# socket NTP Samba
cd /usr/share/eole/creole/modif/
cp ../distrib/ntp.conf .
cat >>ntp.conf <<EOF
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
EOF
sed -i 's/restrict default kod notrap nomodify nopeer noquery/restrict default kod notrap nomodify nopeer noquery mssntp/g' ntp.conf
# Hostname FQDN
cat >hostname <<EOF
%%nom_machine.%%nom_domaine_local
EOF
gen_patch
chgrp ntp /usr/local/samba/var/lib/ntp_signd
usermod -a -G staff ntp
reconfigure
echo "export PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin" >> /root/.bashrc
source /root/.bashrc
#bascule sur primaire
cat >/etc/resolv.conf <<EOF
nameserver 172.20.56.45
search ac-test.lan
EOF
cat >/etc/krb5.conf <<EOF
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = AC-TEST.LAN
EOF
kinit administrator
#debug /usr/local/samba/sbin/samba -i -d9
/usr/local/samba/sbin/samba
samba-tool domain join ac-test.lan DC -U administrator --realm=ac-test.lan -W AC-TEST.LAN
samba-tool dns add 127.0.0.1 ac-test.lan ac-test.lan NS eolebase2.ac-test.lan
#bascule sur moi
cat >/etc/resolv.conf <<EOF
nameserver 127.0.0.1
search ac-test.lan
EOF
</pre>
h1. samba4 fichier
<pre>
apt-get -q -y install build-essential autotools-dev comerr-dev dpkg-dev ethtool krb5-multidev libacl1-dev libattr1-dev libblkid-dev \
libblkid1 libc-dev-bin libc6-dev libdevmapper1.02.1 libgcrypt11-dev libgnutls-dev libgpg-error-dev libkrb5-dev libncurses5-dev \
libpopt-dev libreadline-gplv2-dev libssl-dev libstdc++6-4.4-dev libtasn1-3-dev libudev0 linux-libc-dev manpages-dev python-dev \
udev uuid-dev zlib1g-dev krb5-user acl libldap-dev libcups2-dev
./configure --with-ads --with-shared-modules=idmap_ad
</pre>
h1. Horus Web avec authentification dans AD
h2. config eol
<pre><code class="JSON">
{
"check_passwd": {"owner": "gen_config", "val": "non"},
"nom_domaine_local": {"owner": "gen_config", "val": "ac-test.lan"},
"proxy_client_adresse": {"owner": "gen_config", "val": "172.20.210.10"},
"bacula_dir_password": {"owner": "gen_config", "val": "efcf727bbaab47cede2a162a26601dbc0173e0c38e751040e37dacff"},
"web_url": {"owner": "gen_config", "val": "172.20.56.49"},
"activer_apache": {"owner": "gen_config", "val": "oui"},
"domaine_messagerie_etab": {"owner": "gen_config", "val": "ac-test.fr"},
"exim_relay_smtp": {"owner": "gen_config", "val": "smtp.ac-dijon.fr"},
"bacula_fd_password": {"owner": "gen_config", "val": "68e1170b2be9afddedd239dd543de50636d4045a399a43bae499f234"},
"system_mail_to": {"owner": "gen_config", "val": "eolebase"},
"ip_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"numero_etab": {"owner": "gen_config", "val": "0000000A"},
"netmask_admin_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"bacula_sd_password": {"owner": "gen_config", "val": "70ba154dd6c3967016ff8c533fe42724ca0c5ec612edebacb5a12e53"},
"bacula_dir_name": {"owner": "gen_config", "val": "web-dir"},
"activer_proxy_client": {"owner": "gen_config", "val": "oui"},
"ip_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"libelle_etab": {"owner": "gen_config", "val": "ACA"},
"smb_workgroup": {"owner": "gen_config", "val": "domgg"},
"smb_netbios_name": {"owner": "gen_config", "val": "horus"},
"netmask_ssh_eth0": {"owner": "gen_config", "val": ["0.0.0.0"]},
"adresse_ip_eth0": {"owner": "gen_config", "val": "172.20.56.49"},
"nom_machine": {"owner": "gen_config", "val": "web"},
"nom_academie": {"owner": "gen_config", "val": "ac-test"},
"adresse_ip_gw": {"owner": "gen_config", "val": "172.20.56.254"},
"adresse_ip_dns": {"owner": "gen_config", "val": ["172.20.210.10"]}
"activer_phpmyadmin": {"owner": "gen_config", "val": "oui"}
}
</code></pre>
h2. instalation
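Review bot: The Horus Web `config eol` block publishes the three generated Bacula secrets (`bacula_dir_password`, `bacula_fd_password`, `bacula_sd_password`) verbatim, and because this is a versioned wiki they stay readable from the page history even after a later edit; I would replace each value with a labelled placeholder such as `"val": "<BACULA_DIR_PASSWORD>"` and regenerate the real ones on the host. The same block has no comma after the `adresse_ip_dns` entry, so it does not parse as JSON when copied. In the secondary install script, `update-rc.d samba4 default` should read `update-rc.d samba4 defaults`, otherwise the init script is not registered for boot. Also there, `usermod -a -G staff ntp` puts the ntp account in the group that can write under /usr/local on Debian-family systems, which is where Samba was just installed; `chgrp ntp` plus `chmod 750` on the `ntp_signd` directory alone looks sufficient, to be confirmed on the target release. The old and new text read the same on this page, so these remarks apply to the version 13 content as shown rather than to a visible change.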