Using Samba as an AD/DC
- #Linux
Configure the firewall:
sudo nano /etc/default/ufw
IPV6=no
DEFAULT_FORWARD_POLICY="ACCEPT"
sudo nano /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
sudo nano /etc/ufw/before.rules
# add this block above the existing *filter section
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
Enable the firewall:
sudo ufw enable
Allow SSH connections:
sudo ufw allow ssh
Install the DHCP and DNS servers:
sudo apt install isc-dhcp-server bind9 bind9utils -y
Configure the DHCP server:
sudo nano /etc/default/isc-dhcp-server
INTERFACESv4="enp1s0"
Configure the DNS server:
sudo nano /etc/default/named
OPTIONS="-u bind -4"
Restart the services:
sudo systemctl restart isc-dhcp-server
Install Samba AD DC:
sudo apt install -y samba smbclient krb5-config krb5-user winbind
Disable the systemd-resolved stub resolver and point the DC at its own DNS:
sudo systemctl disable --now systemd-resolved && sudo unlink /etc/resolv.conf
sudo tee /etc/resolv.conf <<EOF
nameserver 192.168.10.12
search host.domain.com
EOF
Configure the network (YAML indentation is significant):
sudo tee /etc/netplan/00-installer-config.yaml <<EOF
network:
  version: 2
  ethernets:
    enp1s0:
      dhcp4: false
      addresses:
        - 192.168.122.253/24
      gateway4: 192.168.122.1
EOF
sudo netplan apply
sudo hostnamectl set-hostname samba.host.domain.com
echo '192.168.10.12 samba.host.domain.com samba' | sudo tee -a /etc/hosts
Disable the standalone Samba services:
sudo systemctl disable --now smbd nmbd winbind && sudo systemctl unmask samba-ad-dc
Provision the domain:
# BIND9_DLZ: the bind9 include and dns.keytab configured below belong to this backend; SAMBA_INTERNAL would run Samba's own DNS server on port 53 alongside bind9
sudo samba-tool domain provision --use-rfc2307 --realm=host.domain.com --domain=host --server-role=dc --dns-backend=BIND9_DLZ --adminpass=P@ssword && sudo cp /var/lib/samba/private/krb5.conf /etc/
sudo nano /etc/bind/named.conf
include "/var/lib/samba/bind-dns/named.conf";
sudo nano /etc/bind/named.conf.options    (inside the existing options { ... } block)
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
Enable the service:
sudo systemctl enable --now samba-ad-dc
Run checks:
host -t SRV _ldap._tcp.host.domain.com.
host -t SRV _kerberos._udp.host.domain.com.
host -t A samba.host.domain.com.
kinit administrator && klist
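The checks above turned into a small script, as an added example that is not part of these notes. It assumes the values the notes use: realm host.domain.com, DC host name samba.host.domain.com and DC address 192.168.10.12 (the address written to /etc/resolv.conf and /etc/hosts; the netplan address in the notes differs and should be reconciled with it). Besides the two SRV records above it also queries _kerberos._tcp and _gc._tcp, which a Samba DC registers, fails on a record that still points at another host, and confirms that the DC resolves through its own DNS first, since Kerberos and dynamic DNS updates break when a DC queries some other resolver.

```shell
#!/bin/sh
# dc-check.sh: post-provision checks for a Samba AD DC.
# Added example for these notes, not part of the notes themselves.
# Assumed from the notes: realm host.domain.com, DC FQDN samba.host.domain.com
# and DC address 192.168.10.12 (the value in /etc/resolv.conf and /etc/hosts).
REALM="${REALM:-host.domain.com}"
DC_FQDN="${DC_FQDN:-samba.host.domain.com}"
DC_IP="${DC_IP:-192.168.10.12}"
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"

# srv_points_to OUTPUT FQDN
# OUTPUT is the text printed by `host -t SRV _service._proto.REALM.`.
# Succeeds only if at least one SRV record is present and every record targets
# FQDN (trailing dot ignored), so a stale record for another DC is a failure.
srv_points_to() {
    printf '%s\n' "$1" | awk -v fqdn="$2" '
        / has SRV record / { n++; t = $NF; sub(/\.$/, "", t); if (t != fqdn) bad = 1 }
        END { exit (n == 0 || bad) ? 1 : 0 }'
}

# a_record_is OUTPUT IP
# OUTPUT is the text printed by `host -t A DC_FQDN.`; succeeds if IP is an answer.
a_record_is() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        / has address / && $NF == ip { found = 1 }
        END { exit !found }'
}

# resolv_points_to FILE IP
# A DC must use its own DNS first: the first nameserver line in FILE has to be IP.
resolv_points_to() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "$2" ]
}

# run_checks: live checks on the DC itself; the return value is the number of failures.
run_checks() {
    fails=0
    for svc in _ldap._tcp _kerberos._udp _kerberos._tcp _gc._tcp; do
        if srv_points_to "$(host -t SRV "$svc.$REALM.")" "$DC_FQDN"; then
            echo "ok    SRV $svc.$REALM -> $DC_FQDN"
        else
            echo "FAIL  SRV $svc.$REALM does not target $DC_FQDN"
            fails=$((fails + 1))
        fi
    done
    if a_record_is "$(host -t A "$DC_FQDN.")" "$DC_IP"; then
        echo "ok    A   $DC_FQDN -> $DC_IP"
    else
        echo "FAIL  A   $DC_FQDN does not resolve to $DC_IP"
        fails=$((fails + 1))
    fi
    if resolv_points_to "$RESOLV_CONF" "$DC_IP"; then
        echo "ok    $RESOLV_CONF queries $DC_IP first"
    else
        echo "FAIL  first nameserver in $RESOLV_CONF is not $DC_IP"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Only run the live checks when asked to: `sh dc-check.sh live`
case "${1:-}" in
    live) run_checks ;;
esac
```

Run it as `sh dc-check.sh live` on the DC after `systemctl enable --now samba-ad-dc`; the exit status is the number of failed checks, so it can sit in a cron job or a monitoring check. Override REALM, DC_FQDN or DC_IP in the environment when the values differ from the notes.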