Installationsanleitung: Unterschied zwischen den Versionen

Aktuelle Version vom 13. September 2015, 10:25 Uhr

Inhaltsverzeichnis

1 Debian
- 1.1 Debian 5 Installation (VMware)
- 1.2 Debian 6 Installation (VMware)
2 Ubuntu
3 Einzelnachweise

Debian

Debian 5 Installation (VMware)

Installation mit Netzwerkspiegel
CD bereitstellen
aptitude install psmisc (Killproc VMware)
aptitude install gcc-4.1 + link
aptitude install Linux-headers-2.6.26-2-all-amd64
aptitude install make
Install vmwaretool

Hinweis:

Debian Source /etc/apt/sources.list (apt-get update)
aptitude search …

Debian 6 Installation (VMware)

Installation mit Netzwerkspiegel
CD bereitstellen
aptitude install gcc-4.3 + link
aptitude install Linux-headers-…-2-all-amd64
aptitude install make
Install vmwaretool

Ubuntu

Ubuntu 14.04 Installation / Samba4

Ubuntu 14.04 Server Standard durchführen (OpenSSH Server auswählen).
Password für den Root-User setzen.

    sudo passwd root

statische IP-Adresse in der Datei /etc/network/interface setzen.

   face eth0 inet static Ub
   address 172.16.41.200
   netmaster 255.255.255.0
   network 172.16.41.0
   broadcast 172.16.41.255
   gateway 172.16.41.2
   dns-nameservers 172.16.41.200 8.8.8.8
   dbs-serach corp.net

Hostnamen setzen (/etc/hosts).

   172.16.41.200  selb-main1.corp.net
   echo selb-main1.corp.net > /etc/hostname

Softwareupdate durchführen.

   apt-get update && apt-get upgrade -y

Softwarepakete installieren (Konfiguration Kerberos 2x selb-main1).

   apt-get install git acl attr autoconf bison build-essential \
   debhelper dnsutils docbook-xml docbook-xsl flex gdb krb5-user \
   libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
   libcap-dev libcups2-dev libgnutls-dev libjson-perl \
   libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
   libpopt-dev libreadline-dev perl perl-modules pkg-config \
   python-all-dev python-dev python-dnspython python-novaclient \
   xsltproc zlib1g-dev
   old
   apt-get install git build-essential libacl1-dev  libattr1-dev libblkid-dev libgnutls-dev libreadline-dev 
   python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr 
   krb5-user docbook-xsl libcups2-dev libpam0q-dev ntp -u

Aktuelle Samba4 Version von Samba.org laden.

   git clone -b v4-2-stable git://git.samba.org/samba.git samba4 (wird im aktuellen Verzeichnis abgelegt)

Software kompilieren und installieren.

  cd samba4
  ./configure —enable-debug —enable-selftest
  make
  make install

Domaine erstelle.

   cd /usr/local/samba/bin/
   samba-tool domain provision
       Realm [CORP.NET]: 
       Domain [CORP]: 
       Server Role (dc, member, standalone) [dc]: 
       DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: 
       DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]: 
       Administrator password: 
       Retype password:
      (samba-tool domain provision —realm=CORP.NET —domain=CORP —adminpass=„Server123“ —server-role=dc —dns-backend=SAMBA_INTERNAL)

Samba Logging aktvieren (smb.conf)

   # Debug Logging information
    log level = 2
    log file = /var/log/samba/samba.log.%m
    max log size = 50
     debug timestamp = yes

Samba starten.

   /usr/local/samba/sbin/samba

Sambaversionen überprüfen, müssen identisch sein.

   /usr/local/samba/sbin/samba -V
   /usr/local/samba/bin/smbclient -V

Samba Funktionalität überprüfen.

   /usr/local/samba/bin/smbclient -L localhost -U% 
   /usr/local/samba/bin/smbclient //localhost/netlogon -U Administrator%“Server123“ -c ls

Namensauflösung anpassen.

   echo domain CORP.NET >> /etc/resolv.conf

DNS Forwarder in Sambakonfiguratiosdatei (usr/local/samba/etc/smb.conf) ändern.

   dns forwarder = 8.8.8.8

Kerberos konfigurieren (/usr/local/samba/share/setup/krb5.conf).

   default_realm = CORP.NET

Kerberos überprüfen.

   kinit adminiatrator@CORP.NET
   klist -e

Kerberos Fehlersuche

   KRB5_TRACE=/dev/stdout kinit administrator
   less /etc/krb5.conf

Samba Autorun, (/etc/init) ^[1]

description "SMB/CIFS File and Active Directory Server"
author      "Jelmer Vernooij "
start on (local-filesystems and net-device-up)
stop on runlevel [!2345] 
expect fork
normal exit 0
pre-start script
   [ -r /etc/default/samba4 ] && . /etc/default/samba4
   install -o root -g root -m 755 -d /var/run/samba
   install -o root -g root -m 755 -d /var/log/samba
end script
exec /usr/local/samba/sbin/samba -D

chmod 755 samba4.conf
chmod +x samba4.conf

Zeitserver konfigurieren (/etc/ntp.conf).
Userverzeichnis erstellen und konfigurieren.

   mkdir -m 770 /Users
   chmod g+s /Users
   chown root:users /Users

Userverzeichnis mit Samba bereitstellen.

   [Users]
       directory_mode: parameter = 0700
       read only = No
       path = /Users
       csc policy = documents

Ablauf des Passworts für den Administrator deaktivieren.

   samba-tool user setexpiry administrator —noexpiry

Passwortkomplexität deaktivieren.

   samba-tool domain passwordsettings show
   samba-tool domain passwordsettings set —complexity=off
   samba-tool domain passwordsettings set --min-pwd-length=0
   samba-tool domain passwordsettings set --history-length=0

Domänverwaltung erfolgt über einen Windows-Client(Windows 7).

   http://www.microsoft.com/en-us/download/details.aspx?id=7887
   Feature nach der Installation aktivieren.

Grafische Oberfläche auf dem Ubuntu-Server installieren.

   apt-get install xorg gnome-core gnome-system-tools gnome-app-install

Samba Logging konfigurieren.

   # Debug Logging information
       log level = 2
       log file = /var/log/samba/samba.log.%m
       max log size = 50
       debug timestamp = yes

DHCP Server installieren

   apt-get install isc-dhcp-server

DHCP Config

 # Begin /etc/dhcpd.conf
 # Internal subnet
 subnet 172.16.42.0 netmask 255.255.255.0 {
 range 172.16.42.20 172.16.42.50;
 interface eth0;
 option subnet-mask 255.255.255.0;
 option routers 172.16.42.2;
 option domain-name "corp.net";
 option domain-name-servers 172.16.42.200;
 option broadcast-address 172.16.42.255;
 default-lease-time 28800;
 max-lease-time 43200;
 authoritative;

Sambaanpassung für DHCP ^[2]

Create User und add Group

   samba-tool user create dhcp --description="Unprivileged user for DNS updates via DHCP server"
   samba-tool group addmembers DnsAdmins dhcp

Export Benutzerberechtigung

   samba-tool domain exportkeytab --principal=dhcp@corp.net dhcpd.keytab
   install -vdm 755 /etc/dhcpd
   mv dhcpd.keytab /etc/dhcpd/
   chown root:root /etc/dhcpd/dhcpd.keytab 
   chmod 400 /etc/dhcpd/dhcpd.keytab

Scripte erstellen

   cat > /usr/sbin/samba-dnsupdate.sh << "EOF"
   #!/bin/bash
   # Begin samba-dnsupdate.sh
   # Author: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
   # kerberos_creds() courtesy of Sergey Urushkin
   # http://www.kuron-germany.de/michael/blog/wp-content/uploads/2012/03/dhcpdns-sergey2.txt
   # DHCP server should be authoritative for its own records, sleep for 5 seconds
   # to allow unconfigured Windows hosts to create their own DNS records
   # In order to use this script you should disable dynamic updates by hosts that
   # will receive addresses from this DHCP server. Instructions are found here:
   # https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP
   binPath=/usr/local/samba/bin/
   sleep 5
   checkvalues()
   {
       [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && exit 1
       case ${2} in
               -*)
                       echo "Error: Invalid parameter '${2}' passed to ${1}."
                       exit 1
               ;;
               *)
                       return 0
               ;;
       esac
    }
   showhelp()
    {
   echo -e "\n"`basename ${0}` "uses samba-tool to update DNS records in Samba 4's DNS"
   echo "server when using INTERNAL DNS or BIND9 DLZ plugin."
   echo ""
   echo "    Command line options (and variables):"
   echo ""
   echo "      -a | --action      Action for this script to perform"
   echo "                         ACTION={add|delete}"
   echo "      -c | --krb5cc      Path of the krb5 credential cache (optional)"
   echo "                         Default: KRB5CC=/run/dhcpd.krb5cc"
   echo "      -d | --domain      The DNS domain/zone to be updated"
   echo "                         DOMAIN={domain.tld}"
   echo "      -h | --help        Show this help message and exit"
   echo "      -H | --hostname    Hostname of the record to be updated"
   echo "                         HNAME={hostname}"
   echo "      -i | --ip          IP address of the host to be updated"
   echo "                         IP={0.0.0.0}"
   echo "      -k | --keytab      Krb5 keytab to be used for authorization (optional)"
   echo "                         Default: KEYTAB=/etc/dhcp/dhcpd.keytab"
   echo "      -m | --mitkrb5     Use MIT krb5 client utilities"
   echo "                         MITKRB5={YES|NO}"
   echo "      -n | --nameserver  DNS server to be updated (must use FQDN, not IP)"
   echo "                         NAMESERVER={server.internal.domain.tld}"
   echo "      -p | --principal   Principal used for DNS updates"
   echo "                         PRINCIPAL={user@domain.tld}"
   echo "      -r | --realm       Authentication realm"
   echo "                         REALM={DOMAIN.TLD}"
   echo "      -z | --zone        Then name of the zone to be updated in AD.
   echo "                         ZONE={zonename}
   echo ""
   echo "Example: $(basename $0) -d domain.tld -i 192.168.0.x -n 192.168.0.x \\"
   echo "             -r DOMAIN.TLD -p user@domain.tld -H HOSTNAME -m"
   echo ""
   }
   # Process arguments
   [ -z "$1" ] && showhelp && exit 1
   while [ -n "$1" ]; do
       case $1 in
               -a | --action)
                       checkvalues ${1} ${2}
                       ACTION=${2}
                       shift 2
               ;;
               -c | --krb5cc)
                       checkvalues ${1} ${2}
                       KRB5CC=${2}
                       shift 2
               ;;
               -d | --domain)
                       checkvalues ${1} ${2}
                       DOMAIN=${2}
                       shift 2
               ;;
               -h | --help)
                       showhelp
                       exit 0
               ;;
               -H | --hostname)
                       checkvalues ${1} ${2}
                       HNAME=${2%%.*}
                       shift 2
               ;;
               -i | --ip)
                       checkvalues ${1} ${2}
                       IP=${2}
                       shift 2
               ;;
               -k | --keytab)
                       checkvalues ${1} ${2}
                       KEYTAB=${2}
                       shift 2
               ;;
               -m | --mitkrb5)
                       KRB5MIT=YES
                       shift 1
               ;;
               -n | --nameserver)
                       checkvalues ${1} ${2}
                       NAMESERVER=${2}
                       shift 2
               ;;
               -p | --principal)
                       checkvalues ${1} ${2}
                       PRINCIPAL=${2}
                       shift 2
               ;;
               -r | --realm)
                       checkvalues ${1} ${2}
                       REALM=${2}
                       shift 2
               ;;
               -z | --zone)
                       checkvalues ${1} ${2}
                       ZONE=${2}
                       shift 2
               ;;
               *)
                       echo "Error!!! Unknown command line opion!"
                       echo "Try" `basename $0` "--help."
                       exit 1
               ;;
       esac
   done
   # Sanity checking
   [ -z "$ACTION" ] && echo "Error: action not set." && exit 2
   case "$ACTION" in
       add | Add | ADD)
               ACTION=ADD
       ;;
       del | delete | Delete | DEL | DELETE)
               ACTION=DEL
       ;;
       *)
               echo "Error: invalid action \"$ACTION\"." && exit 3
       ;;
   esac
   [ -z "$KRB5CC" ] && KRB5CC=/run/dhcpd.krb5cc
   [ -z "$DOMAIN" ] && echo "Error: invalid domain." && exit 4
   [ -z "$HNAME" ] && [ "$ACTION" == "ADD" ] && \
    echo "Error: hostname not set." && exit 5
   [ -z "$IP" ] && echo "Error: IP address not set." && exit 6
   [ -z "$KEYTAB" ] && KEYTAB=/etc/dhcp/dhcpd.keytab
   [ -z "$NAMESERVER" ] && echo "Error: nameservers not set." && exit 7
   [ -z "$PRINCIPAL" ] && echo "Error: principal not set." && exit 8
   [ -z "$REALM" ] && echo "Error: realm not set." && exit 9
   [ -z "$ZONE" ] && echo "Error: zone not set." && exit 10
   # Disassemble IP for reverse lookups
   OCT1=$(echo $IP | cut -d . -f 1)
   OCT2=$(echo $IP | cut -d . -f 2)
   OCT3=$(echo $IP | cut -d . -f 3)
   OCT4=$(echo $IP | cut -d . -f 4)
   RZONE="$OCT3.$OCT2.$OCT1.in-addr.arpa"
   kerberos_creds() {
   export KRB5_KTNAME="$KEYTAB"
   export KRB5CCNAME="$KRB5CC"
   if [ "$KRB5MIT" = "YES" ]; then
   KLISTARG="-s"
   else
   KLISTARG="-t"
   fi
   klist $KLISTARG || kinit -k -t "$KEYTAB" -c "$KRB5CC" "$PRINCIPAL" || { logger -s -p daemon.error -t dhcpd kinit for dynamic DNS failed; exit 11; }
   }
   add_host(){
   logger -s -p daemon.info -t dhcpd Adding A record for host $HNAME with IP $IP to zone $ZONE on server $NAMESERVER
   $binPathsamba-tool dns add $NAMESERVER $ZONE $HNAME A $IP -k yes
   }
   delete_host(){
   logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $IP from zone $ZONE on server $NAMESERVER
   $binPathsamba-tool dns delete $NAMESERVER $ZONE $HNAME A $IP -k yes
   }
   update_host(){
   CURIP=$(host -t A $HNAME | cut -d " " -f 4)
   logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $CURIP from zone $ZONE on server $NAMESERVER
   $binPathsamba-tool dns delete $NAMESERVER $ZONE $HNAME A $CURIP -k yes
   add_host
   }
   add_ptr(){
   logger -s -p daemon.info -t dhcpd Adding PTR record $OCT4 with hostname $HNAME to zone $RZONE on server $NAMESERVER
   $binPathsamba-tool dns add $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
   }
   delete_ptr(){
   logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $HNAME from zone $RZONE on server $NAMESERVER
   $binPathsamba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
   }
   update_ptr(){
   CURHNAME=$(host -t PTR $OCT4 | cut -d " " -f 5)
   logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $CURHNAME from zone $RZONE on server $NAMESERVER
   $binPathsamba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $CURHNAME -k yes
   add_ptr
   }
   case "$ACTION" in
   ADD)
       kerberos_creds
       host -t A $HNAME.$DOMAIN > /dev/null
       if [ "${?}" == 0 ]; then
           update_host
       else
           add_host
       fi
       host -t PTR $IP > /dev/null
       if [ "${?}" == 0 ]; then
           update_ptr
       else
           add_ptr
       fi
   ;;
   DEL)
       kerberos_creds
       host -t A $HNAME.$DOMAIN > /dev/null
       if [ "${?}" == 0 ]; then
           delete_host
       fi
       host -t PTR $IP > /dev/null
       if [ "${?}" == 0 ]; then
           delete_ptr
       fi
   ;;
   *)
       echo "Error: Invalid action '$ACTION'!" && exit 12
   ;;
   esac
   # End samba-dnsupdate.sh
   EOF
   chmod 750 /usr/sbin/samba-dnsupdate.sh

   cat > /etc/dhcpd/update.sh << "EOF"
   #!/bin/bash
   # Begin /etc/dhcpd/update.sh
   # Variables
   KRB5CC="/run/dhcpd4.krb5cc"
   KEYTAB="/etc/dhcpd/dhcpd.keytab"
   DOMAIN="CORP.NET"
   REALM="CORP.NET"
   PRINCIPAL="dhcp@${REALM}"
   NAMESERVER="server.${DOMAIN}"
   ZONE="${DOMAIN}"
   ACTION=$1
   IP=$2
   HNAME=$3
   export KRB5CC KEYTAB DOMAIN REALM PRINCIPAL NAMESERVER ZONE ACTION IP HNAME
   /usr/sbin/samba-dnsupdate.sh -m &
   # End /etc/dhcpd/update.sh
   EOF
   chmod 750 /etc/dhcpd/update.sh

DHCPD Konfiguration anpassen

   on commit {
   set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
   set ClientName = pick-first-value(option host-name, host-decl-name);
   execute("/etc/dhcpd/update.sh", "add", ClientIP, ClientName);
   }
   on release {
   set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
   set ClientName = pick-first-value(option host-name, host-decl-name);
   execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName);
   }
   on expiry {
   set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
   set ClientName = pick-first-value(option host-name, host-decl-name);
   execute("/etc/dhcpd/update.sh", "delete", ClientIP, ClientName);
   }

Ubuntu 14.04 Installation / LVM

Installation der Softwarepakete

Ubuntu 14.04 Installation / PostgreSQL

   apt-get install postgresql-9.3
   apt-get install postgresql-contrib-9.3
   apt-get install pgadmin3
   sudo -u postgres psql postgres
   \password postgres
   \q
   
   pg_hba.conf
   local   all             all      peer -> md5
   host    all             all             ::1/128                 ident ->md5

  postgresql.conf listen_addresses='*'
  apt-get install language-pack-de-base
  apt-get install language-pack-de

Einzelnachweise

↑ [1] Samba4 Active Directory Domain Controller
↑ [2] Starting Samba4 as DC daemon at boot

[1] [1] Samba4 Active Directory Domain Controller

[2] [2] Starting Samba4 as DC daemon at boot

[1]

[2]

Installationsanleitung: Unterschied zwischen den Versionen

Aktuelle Version vom 13. September 2015, 10:25 Uhr

Inhaltsverzeichnis

Debian

Debian 5 Installation (VMware)

Debian 6 Installation (VMware)

Ubuntu

Ubuntu 14.04 Installation / Samba4

Ubuntu 14.04 Installation / LVM

Ubuntu 14.04 Installation / PostgreSQL

Einzelnachweise

Navigationsmenü

Meine Werkzeuge

Namensräume

Varianten

Ansichten

Mehr

Suche

Navigation

Werkzeuge