
CentOS 7 installation (Samba4 as AD DC)

1- configure the locale and NTP -> a.ntp.br
2- configure the network as static: IP/DNS/hostname and domain
3- partition the disk so the whole disk is used

**************** post-OS installation ******************

1- update the operating system ( yum -y update )
2- install the EPEL package: rpm -ivh http://mirror.globo.com/epel/epel-release-latest-7.noarch.rpm
3- refresh the repository list: yum repolist
4- install packages: yum -y install wget vim net-tools bind-utils
5- install the development packages: yum -y groupinstall 'Development Tools'
6- add 2 settings (flags) to the network card configuration: vim /etc/sysconfig/network-scripts/ifcfg-(interface name)
NM_CONTROLLED=no
USERCTL=no
7- configure /etc/hosts ( vim /etc/hosts ): server-ip hostname.dominio.local hostname
8- configure /etc/sysconfig/network ( vim /etc/sysconfig/network )
NETWORKING=yes
HOSTNAME=hostname (the server's name)
9- restart the network: /etc/init.d/network restart
10- configure SELinux: vim /etc/selinux/config
SELINUX=disabled
11- stop the firewall service -> service firewalld stop
12- stop the iptables service -> service iptables stop
13- stop the ip6tables service -> service ip6tables stop
14- disable the firewall service = systemctl disable firewalld
15- disable the iptables service = systemctl disable iptables
16- disable the ip6tables service = systemctl disable ip6tables
17- configure /etc/resolv.conf ( vim /etc/resolv.conf )
search dominio.local
domain dominio.local
nameserver (server IP)
nameserver (gateway)
18- setenforce 0

******************** Samba installation ****************************

1- install the libraries Samba needs

yum install perl gcc attr libacl-devel libblkid-devel \
gnutls-devel readline-devel python-devel gdb pkgconfig \
krb5-workstation zlib-devel setroubleshoot-server libaio-devel \
setroubleshoot-plugins policycoreutils-python \
libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp \
perl-Test-Base popt-devel libxml2-devel libattr-devel \
keyutils-libs-devel cups-devel bind-utils libxslt \
docbook-style-xsl openldap-devel autoconf python-crypto pam-devel

2- download Samba into /opt/

wget -c https://download.samba.org/pub/samba/stable/samba-4.5.0.tar.gz

3- unpack the Samba archive ( tar -zxvf samba.... )
4- enter the samba directory and configure ( ./configure.developer )
5- make and make install ( make && make install )

before provisioning:
rm /etc/krb5.conf
ln -sf /usr/local/samba/private/krb5.conf /etc/krb5.conf

6- provision Samba:
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive

7- use BIND9 DLZ as the DNS server.
8- start Samba
9- kill all Samba processes ( pkill samba )
10- create the Samba init script:
vim /etc/rc.d/init.d/samba4 and copy the script from the Samba wiki

****************************************************************************************

****************************************************************************************

11- paste it into the samba4 file
12- set the permissions on the file ( chmod 755 /etc/rc.d/init.d/samba4 )
13- make it executable ( chmod +x /etc/rc.d/init.d/samba4 )
14- create the symbolic link: ln -s /etc/rc.d/init.d/samba4 /etc/rc3.d/S80samba4
15- register it with chkconfig: chkconfig --add samba4
chkconfig samba4 on
16- restart the service ( service samba4 restart )
17- verify the administrator account ( /usr/local/samba/bin/smbclient //localhost/netlogon -UAdministrator%senhadoadministrator ), where senhadoadministrator is the administrator's password

****************************************************************************************

BIND9 configuration

1- yum -y install bind bind-sdb
2- edit named.conf ( /etc/named.conf )
# listen ipv
listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
add the include at the end of the file ( include "/usr/local/samba/private/named.conf"; )
3- check the BIND version: yum info bind
4- uncomment the line that matches the BIND version ( /usr/local/samba/private/named.conf )
5- chown named.named /var/named
6- restart the named service ( service named restart )
7- re-provision Samba ( /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive )
8- restart samba4
9- check the named.conf files
10- set the ownership: chown named.named /var/named
11- restart named ( service named restart )

****************************************************************************************

Kerberos configuration

1- back up the krb5.conf file ( cp /usr/local/samba/private/krb5.conf krb5.conf.old )
2- copy the krb5.conf file to /etc ( cp /usr/local/samba/private/krb5.conf /etc/krb5.conf )
3- kinit administrator
4- klist -e
5- add a setting to named.conf ( vim /etc/named.conf -> options ):
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
6- give the named group ownership of the keytab ( chgrp named /usr/local/samba/private/dns.keytab )
7- chmod g+r /usr/local/samba/private/dns.keytab
8- systemctl enable named.service
9- update DNS in Samba ( /usr/local/samba/sbin/samba_dnsupdate --verbose )
10- tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
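
Added example (not part of the original notes): a check for the result of steps 6 and 7, confirming that dns.keytab is readable by the named group and by nobody outside it. The function name check_keytab is hypothetical; it relies on GNU stat.

```bash
#!/bin/bash
# Added example, not part of the original notes.
# check_keytab PATH [GROUP]: returns 0 when PATH is owned by GROUP, is
# group-readable and grants nothing to "other"; 1 on a finding; 2 if missing.
check_keytab() {
    local path=$1
    local want_group=${2:-named}            # group used in step 6 of the notes
    local mode group rest other_digit group_digit rc=0

    [ -f "$path" ] || { echo "missing: $path"; return 2; }

    mode=$(stat -c '%a' "$path")            # octal mode, e.g. 640
    group=$(stat -c '%G' "$path")           # owning group name
    other_digit=${mode#"${mode%?}"}         # last octal digit: "other" bits
    rest=${mode%?}
    group_digit=${rest#"${rest%?}"}         # second-to-last digit: group bits

    # BIND runs with group "named" and must be able to read the keytab.
    if [ "$group" != "$want_group" ]; then
        echo "group is '$group', expected '$want_group'"; rc=1
    fi
    case $group_digit in
        4|5|6|7) ;;
        *) echo "group read bit missing (mode $mode)"; rc=1 ;;
    esac
    # The keytab holds long-term Kerberos keys: no access for other users.
    if [ "$other_digit" != "0" ]; then
        echo "accessible to other users (mode $mode)"; rc=1
    fi
    return $rc
}
# Usage: check_keytab /usr/local/samba/private/dns.keytab named
```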

firewall:
****************************************************************************************

firewall-cmd --list-all -> list all the firewall rules in use.

firewall-cmd --zone=home --list-all
firewall-cmd --get-zones
firewall-cmd --zone=home --change-interface=eth0
firewall-cmd --get-active-zones
firewall-cmd --zone=public --add-service=http ==== adding a service.
firewall-cmd --zone=public --permanent --add-service=http === adding a service permanently.
firewall-cmd --zone=public --add-port=5000/tcp
firewall-cmd --list-ports
firewall-cmd --zone=public --permanent --add-port=5000/tcp
firewall-cmd --zone=public --permanent --add-port=4990-4999/udp
firewall-cmd --zone=public --permanent --list-ports

changing the firewalld files

/usr/lib/firewalld/services
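
Added example (not part of the original notes): the firewall-cmd syntax above applied to the ports a Samba AD DC listens on, for a host where firewalld is kept running instead of being disabled. The port list is the usual AD DC set and does not come from these notes; ZONE, RPC_RANGE and the function name are assumptions to adjust per host.

```bash
#!/bin/bash
# Added example, not part of the original notes.
ZONE=${ZONE:-public}                      # assumption: zone of the DC's interface
# Assumption: the dynamic RPC range depends on the Samba version and smb.conf;
# check the documentation for the installed release before applying.
RPC_RANGE=${RPC_RANGE:-49152-65535/tcp}

# DNS, Kerberos, NTP, RPC endpoint mapper, NetBIOS name/datagram/session,
# LDAP, SMB, kpasswd, LDAPS, global catalog (plain and SSL).
AD_DC_PORTS="53/tcp 53/udp 88/tcp 88/udp 123/udp 135/tcp 137/udp 138/udp
139/tcp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 636/tcp 3268/tcp 3269/tcp"

# Print the firewall-cmd lines instead of running them, so they can be
# reviewed first; pipe the output to "sh" as root to apply.
ad_dc_firewall_cmds() {
    local p
    for p in $AD_DC_PORTS $RPC_RANGE; do
        echo "firewall-cmd --zone=$ZONE --permanent --add-port=$p"
    done
    # --permanent only writes the configuration; reload to activate it
    echo "firewall-cmd --reload"
}
```

After applying, firewall-cmd --zone=public --permanent --list-ports (from the list above) shows what was stored.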

samba4 script
****************************************************************************************

#!/bin/bash
#
# samba-ad-dc   This shell script takes care of starting and stopping
#               samba AD daemons.
#
# chkconfig: - 58 74
# description: Samba Active Directory Domain Controller

### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba-ad-dc
# Description: Samba Active Directory Domain Controller
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog

start() {
    [ "$NETWORKING" = "no" ] && exit 1
    echo -n $"Starting Samba AD DC: "
    daemon $prog_dir/$prog -D
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $lockfile
    return $RETVAL
}

stop() {
    [ "$EUID" != "0" ] && exit 4
    echo -n $"Shutting down Samba AD DC: "
    killproc $prog_dir/$prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $lockfile
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $prog
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 2
esac
