image

Acesse bootcamps ilimitados e +650 cursos

50
%OFF
Rafael Borring
Rafael Borring20/04/2024 11:14
Compartilhe

Usar a aplicação samba como AD/DC

  • #Linux

Configurar firewall:

sudo nano /etc/default/ufw

IPV6=no

DEFAULT_FORWARD_POLICY="ACCEPT"

sudo nano /etc/ufw/sysctl.conf

net/ipv4/ip_forward=1

sudo nano /etc/ufw/before.rules

*nat

:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -o enp1s0 -j MASQUERADE

COMMIT

Ativar firewall:

sudo ufw enable

Permitir conexão SSH:

sudo ufw allow ssh

Instalar servidores DHCP e DNS:

sudo apt install isc-dhcp-server bind9 bind9utils -y

Configurar servidor DHCP:

sudo nano /etc/default/isc-dhcp-server

INTERFACESv4="enp1s0"

Configurar servidor DNS:

sudo nano /etc/default/named

OPTIONS="-u bind -4"

Reiniciar serviçoes

sudo systemctl restart isc-dhcp-server

Instalar Samba AD DC:

sudo apt install -y samba smbclient krb5-config krb5-user winbind

Desativar resolver:

sudo systemctl disable --now systemd-resolved && sudo unlink /etc/resolv.conf
sudo tee /etc/resolv.conf

nameserver 192.168.10.12

search host.domain.com

Configurar rede:

sudo tee /etc/netplan/00-installer-config.yaml 

network:

 ethernets:

   enp1s0:

     dhcp4: false

     addresses:

     - 192.168.122.253/24

     gateway4: 192.168.122.1

 version: 2

sudo netplan apply
sudo hostnamectl set-hostname samba.host.domain.com
echo '192.168.10.12   samba.host.domain.com samba' | sudo tee -a /etc/hosts

Desativar serviços:

sudo systemctl disable --now smbd nmbd winbind && sudo systemctl unmask samba-ad-dc

Provisionar:

sudo samba-tool domain provision --use-rfc2307 --realm=host.domain.com --domain=host --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass=P@ssword && sudo cp /var/lib/samba/private/krb5.conf /etc/
sudo nano /etc/bind/named.conf

include "/var/lib/samba/bind-dns/named.conf";

sudo nano /etc/bind/named.conf.options

tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

Ativar serviço:

sudo systemctl enable --now samba-ad-dc

Realizar testes:

host -t SRV _ldap._tcp.host.domain.com.
host -t SRV _kerberos._udp.host.domain.com.
host -t A ad.host.domain.com.
kinit administrator && klist
Compartilhe
Comentários (0)