Samba as PDC
- Install
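#check hostname (hostname -f prints the FQDN; fix /etc/hostname if it is wrong)
hostname -f
vi /etc/hostname
#add name to hosts
vi /etc/hosts
#remove any traces of unused configurations
rm -v /etc/krb5.conf
#update system and install samba
apt update && apt upgrade
#package set used in 2021 - remember the dns backend!
apt install samba krb5-config winbind smbclient
#package set used in 2022
apt install samba smbclient winbind libpam-winbind libnss-winbind krb5-kdc libpam-krb5 -y
#after successful install: keep the packaged smb.conf as a backup,
#provisioning writes a new one and refuses to run while the old file exists
mv -v /etc/samba/smb.conf /etc/samba/smb.conf.default
#provision domain
#--interactive prompts for realm, domain, dns backend and the Administrator password,
#so the password never lands in shell history or the process list
#pick BIND9_DLZ as dns backend if the bind-dns steps below are used
#"bind interfaces only" limits the listeners to lo and eth0 - use the real NIC name
samba-tool domain provision --use-rfc2307 --interactive --option="interfaces=lo eth0" --option="bind interfaces only=yes"
#copy provided krb5 (only this file - the rest of /var/lib/samba/private
#holds the domain's secrets and stays root-only)
cp -v /var/lib/samba/private/krb5.conf /etc
#bind-dns samba addition - add this line to the file:
#  include "/var/lib/samba/bind-dns/named.conf";
vi /etc/bind/named.conf
#bind-dns allow dns updates - add this line inside the options { } block:
#  tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
#dns.keytab is a secret: it should be readable by the bind user and nobody else
vi /etc/bind/options.conf
#set services: the file-server daemons must not run next to the AD DC service
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl start samba-ad-dc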
systemctl status samba-ad-dc
- Testing
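#test shared folder
#anonymous share listing (-U% = empty user name and empty password)
smbclient -L localhost -U%
#authenticated listing of netlogon, the password is prompted
smbclient //localhost/netlogon -UAdministrator -c 'ls'
#check domain level
samba-tool domain level show
#check kerberos auth
#kinit takes the principal as a plain argument (it has no -U option)
kinit Administrator #get ticket
klist #list ticket
kdestroy #remove tickets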
- Maintenance
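#create domain user
#no password on the command line: samba-tool prompts for it, so it stays out of
#shell history and the process list
samba-tool user create USER
#disable password expiry
samba-tool user setexpiry USER --noexpiry
#example for Administrator - a password that never expires on the most privileged
#account has to be long, unique and rotated by hand
samba-tool user setexpiry Administrator --noexpiry
#change user password
#setpassword takes no positional password; without --newpassword it prompts,
#which also keeps the new password out of history and the process list
samba-tool user setpassword USER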