
Migración de Windows AD a Samba4

https://andrewwippler.com/2015/12/21/switching-from-active-directory-to-samba4/

https://wiki.samba.org/index.php/Updating_Samba

Revisar estado del AD

    To reset wrong Sysvol ACLs, run:

# samba-tool ntacl sysvolreset

    To reset all well known ACLs in the directory, run:

# samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix

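    To fix errors in the Active Directory (AD) database, run the command below; running it first without --fix only reports the problems, so they can be reviewed (and a backup taken) before anything is modified: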

# samba-tool dbcheck --cross-ncs --fix

Agregar Controlador de Dominio a dominio existente

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

samba-tool domain join samdom.example.com DC -Uadministrator --dns-backend=SAMBA_INTERNAL

Cambio de nombre de dominio

https://wiki.samba.org/index.php/Domain_rename_tool

backup:
sudo samba-tool domain backup rename NEWDOMAIN new.renamed.com --server=<DC> --targetdir=<backup-dir> -UAdministrator

restore:
sudo samba-tool domain backup restore --newservername=<new-DC-name> --targetdir=<restore-dir> --backup-file=<backup-file>

Eliminar Controlador de Dominio

https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC

samba-tool domain demote -Uadministrator
shutdown -h now

Codificación de SAMBA para Español

Podemos consultar el juego de caracteres con la variable de sistema $LANG.

 echo $LANG

Si contesta: es_ES.ISO-8859-15

Debemos añadir en la sección "global" de smb.conf:

 dos charset = 850
 unix charset = ISO8859-15

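Y montar los recursos con la siguiente línea de /etc/fstab (en sistemas actuales el tipo de sistema de archivos es cifs en lugar de smbfs). El archivo de credenciales /root/smbpwd debe ser legible solo por root (p. ej. chmod 600), y dir_mode=0777,file_mode=0777 dan permiso de escritura a cualquier usuario local, por lo que conviene restringirlos en equipos multiusuario: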

 //192.168.0.XX/RECURSO /media/PUNTOMONTAJE smbfs auto,credentials=/root/smbpwd,dir_mode=0777,file_mode=0777,rw,uid=1000,gid=1000,iocharset=iso8859-15 0 0

Si en cambio contesta: es_ES.UTF-8

No será necesario añadir nada a smb.conf y montaremos los recursos con:

 //192.168.0.XX/RECURSO /media/PUNTOMONTAJE smbfs auto,credentials=/root/smbpwd,dir_mode=0777,file_mode=0777,rw,uid=1000,gid=1000,iocharset=utf8 0 0

Acentos y eñes en SAMBA

Cómo mantener los acentos y las eñes al montar NTFS, FAT o smbfs y al compartir directorios con Samba


Servidor SAMBA como Active Directory en CentOS 7

https://www.howtoforge.com/tutorial/samba-4-with-active-directory-on-centos-7-rpm-based-installation-with-share-support/

  1. yum update
  2. sestatus
  3. setenforce 0
  4. hostnamectl set-hostname ad.demo.local
  5. vi /etc/hosts
  6. yum install epel-release -y
  7. yum update
  8. yum install vim wget authconfig krb5-workstation -y
  9. cd /etc/yum.repos.d/
  10. wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
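  11. sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/EL7.wing.repo   (expresión reconstruida: el filtro anti-spam del sitio la había sustituido por «[email protected]»; confirmar contra el tutorial enlazado)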
  12. cat /etc/yum.repos.d/EL7.wing.repo
  13. yum clean all
  14. yum install -y samba46 samba46-winbind-clients samba46-winbind samba46-client samba46-dc samba46-pidl samba46-python samba46-winbind-krb5-locator perl-Parse-Yapp perl-Test-Base python2-crypto samba46-common-tools
  15. rm -rf /etc/krb5.conf
  16. rm -rf /etc/samba/smb.conf
  17. yum update
  18. samba-tool domain provision --use-rfc2307 --interactive
  19. firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent; firewall-cmd --add-port=22/tcp
  20. firewall-cmd --reload
  21. iptables -L
  22. vi /etc/systemd/system/samba.service
  23. ls /usr/sbin/samba
  24. ls /var/run/samba.pid
  25. systemctl enable samba
  26. systemctl restart samba
  27. ps aux|grep smb
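  28. systemctl stop samba

Nota: setenforce 0 (paso 3) solo deja SELinux en modo permisivo hasta el siguiente reinicio; el modo persistente se define en /etc/selinux/config, así que hay que decidirlo de forma explícita. El paso 10 descarga la definición del repositorio por HTTP sin cifrar, por lo que conviene comprobar en la salida del paso 12 que gpgcheck y gpgkey están definidos antes de instalar paquetes desde él. En el paso 19 la regla de 22/tcp no lleva --permanent y se pierde con el --reload del paso 20; el resto de puertos queda abierto en la zona por defecto y puede limitarse a las redes de los clientes del dominio.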

smbd -b | grep "ENABLE_GNUTLS"

  50  ls /usr/local/samba/private/tls/
  51  ls /usr/local/samba/private/
  52  ls /usr/local/samba/
  53  ls /usr/local
  54  cd /etc/samba/
  55  ls
  56  vi smb.conf 
  57  systemctl restart samba
  58  ls /usr/local/samba/private/
  59  ls /usr/local/samba/
  60  find / -name "ca.*"
  61  xs/var/lib/samba/private/
  62  cd /var/lib/samba/private/
  63  ls
  64  cd ..
  65  ls
  66  cd pri
  67  cd private/
  68  ls
  69  ls -al
  70  cd tls/
  71  ls -al
  72  date
  73  cat ca.pem 
  74  ls
  75  cp * /root/
  76  vi ca.pem 
  77  vi cert.pem 
  78  vi key.pem 
  79  ls
  80  service samba
  81  service samba stop
  82  ps aux
  83  netstat -ant
  84  yum install nettools
  85  yum whatprovides netstat
  86  yum install net-tools
  87  netstat -ant
  88  ls -al
  89  cat key.pem 
  90  ls
  91  vi /etc/samba/smb.conf 
  92  ls -al
  93  service samba start
  94  netstat -ant
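  (ca.pem es un archivo, así que se pasa con -CAfile; -CApath espera un directorio de certificados, y en openssl verify las opciones van antes del certificado. Con -CApath ca.pem la cadena no se valida contra esta CA.)
  95   openssl s_client -showcerts -connect localhost:636 -CAfile ca.pem
  96  cat ca.pem 
  97  ping ad.domain.local
  98   openssl s_client -showcerts -connect ad.domain.local:636 -CAfile ca.pem
  99  openssl verify ca.pem 
 100  openssl verify cert.pem 
 101  openssl verify -CAfile ca.pem cert.pem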
 102  reboot 
 103  passwd 
  1. wbinfo -u
  2. wbinfo -g
  3. samba-tool user setexpiry Administrator --noexpiry
  4. samba-tool domain passwordsettings show
  5. samba-tool domain passwordsettings set --complexity=off
  6. samba-tool domain passwordsettings set --history-length=0
  7. samba-tool domain passwordsettings set --min-pwd-age=0
  8. samba-tool domain passwordsettings set --max-pwd-age=0
  9. samba-tool domain passwordsettings set --min-pwd-length=7
  10. samba-tool domain passwordsettings show
  11. samba-tool domain passwordsettings set --account-lockout-duration=5
  12. samba-tool domain passwordsettings set --reset-account-lockout-after=5
  13. samba-tool domain passwordsettings set --account-lockout-threshold=10
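  14. samba-tool user setpassword Administrator

Nota: los pasos 3 y 5 a 9 relajan la política de contraseñas del dominio (Administrator sin caducidad, sin complejidad, sin historial, sin edad mínima ni máxima, longitud mínima 7). Son valores cómodos para un laboratorio; antes de pasar a producción conviene revisarlos con samba-tool domain passwordsettings show y volver a activar al menos la complejidad y el historial.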

http://www.golinuxhub.com/2013/03/changing-password-of-administrator-in.html

Backup

https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC

Docker

https://github.com/inetshell/samba-dc/

rancher-compose.yml

# Compose (format v2) stack with a single service, dc1, that runs the
# inetshell/samba-dc image as a Samba AD domain controller.
version: '2'
services:
  dc1:
    # NOTE(review): SYS_ADMIN is a very broad capability and NET_ADMIN allows
    # changing the network configuration; with host networking (below) that is
    # the host's own stack. Confirm the image needs both before keeping them.
    cap_add:
    - NET_ADMIN
    - SYS_ADMIN
    # Unpinned tag: combined with the pull_image: always label below, every
    # redeploy may start a different image. Pinning a version or digest keeps
    # the domain controller reproducible.
    image: inetshell/samba-dc:latest
    # These variables are read by the image's entrypoint, which is not shown
    # here; the per-variable notes below are assumptions to confirm against it.
    environment:
      # Name of the secret declared at the bottom of this file, so the
      # administrator password itself is not written in this stack file.
      ADMIN_PASSWORD_SECRET: samba-admin-pass
      ALLOW_DNS_UPDATES: secure
      BIND_INTERFACES_ONLY: 'yes'
      # presumably provisions a new domain; verify what the entrypoint does on
      # a restart when the volumes below already hold a provisioned domain.
      DOMAIN_ACTION: provision
      DOMAIN_LOGONS: 'yes'
      DOMAIN_MASTER: 'no'
      INTERFACES: lo eth0
      LOG_LEVEL: '1'
      MODEL: standard
      REALM: domain.local
      SERVER_STRING: Samba Domain Controller
      TZ: America/Mexico_City
      WINBIND_USE_DEFAULT_DOMAIN: 'yes'
      WORKGROUP: DOMAIN
    stdin_open: true
    # The container shares the host's network stack, so the host firewall is
    # the only filter in front of the DC services.
    network_mode: host
    # Host directories that persist smb.conf and /var/lib/samba (the AD
    # database and the private/ directory with keys and secrets live there);
    # restrict access to them on the host accordingly.
    volumes:
    - /docker/samba_etc:/etc/samba
    - /docker/samba_var:/var/lib/samba
    tty: true
    # NOTE(review): Docker does not apply port mappings when network_mode is
    # host, so this list most likely only documents the ports in use; confirm
    # how Rancher treats it.
    ports:
    - 53:53/udp
    - 53:53/tcp
    - 88:88/udp
    - 88:88/tcp
    - 135:135/tcp
    - 137:137/udp
    - 138:138/udp
    - 139:139/tcp
    - 389:389/tcp
    - 445:445/tcp
    - 464:464/udp
    - 464:464/tcp
    - 636:636/tcp
    - 3268:3268/tcp
    - 3269:3269/tcp
    secrets:
    # NOTE(review): mode 0444 makes the administrator password readable by
    # every user inside the container; since the owner is uid/gid 0, a mode of
    # 0400 should be enough if the entrypoint reads it as root (confirm).
    - mode: '0444'
      uid: '0'
      gid: '0'
      source: samba-admin-pass
    labels:
      io.rancher.container.pull_image: always
# The secret is marked external: it is expected to exist already and is not
# created from this file.
secrets:
  samba-admin-pass:
    external: 'true'