Steps | history | Description |
1 | ping www.163.com | check internet connection |
2 | apt-get install openssh-server | install openssh-server on the Samba server |
3 | passwd root | set the root password |
4 | wget http://www.samba.org/samba/ftp/stable/samba-4.1.4.tar.gz | download samba's current stable version |
5 | apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev | install all packages required for compilation. 1) build-essential package: tools for building packages; 2) libacl1-dev package: Access control list static libraries and headers; 3) libblkid-dev: Extended attribute static libraries and headers package; 4) libgnutls-dev package: GNU TLS library - development files; 5) libreadline-dev package: GNU readline and history libraries, development files; 6) python-dev package: header files and a static library for Python; 7) python-dnspython package: DNS toolkit for Python; 8) gdb pkg-config package; 9) libpopt-dev package: lib for parsing cmdline parameters - development files; 10) libldap2-dev package: allows development of LDAP applications using the OpenLDAP libraries. It includes headers, libraries and links to allow static and dynamic linking |
6 | cd /root | change to root directory |
7 | ls | list its content |
8 | tar xvfz samba-4.1.4.tar.gz | decompress the tar file of the samba package |
9 | cd samba-4.1.4/ | change into the directory of the uncompressed download |
10 | ./configure --enable-debug | The configure command does the initial work: it configures paths, detects the shell in use, checks dependencies, and so on. It is an automatically generated script that, once executed, generates the Makefile with the specific settings of your system, which saves the developer a lot of work given the wide variety of dependencies that may exist across Unix-like systems. It makes sure the program can be compiled on your computer by checking whether all the programs needed to build it are present; in most cases they will not be, and it will error out with a message about the missing program. |
11 | make | make does the heavy lifting: the actual building (compiling) of the program. It relies on the information left by ./configure to find the components it needs. |
12 | make install | install; the default installation path is /usr/local/samba |
13 | /usr/local/samba/bin/samba-tool domain provision | Setting up a new domain |
14 | cd /etc/init.d/ | enter the init script directory |
15 | ls | list directory contents – no samba4 |
16 | vim /etc/init.d/samba4 | Create a script file |
17 | ls | have samba4 now |
18 | vim /etc/init.d/samba4 | confirm the content is complete |
19 | chmod 755 /etc/init.d/samba4 | make it executable |
20 | ls | the file now shows in the executable color |
21 | update-rc.d samba4 defaults | After creating the script, set to start at system boot |
22 | reboot | reboot the machine |
23 | /usr/local/samba/bin/smbclient -L localhost -U% | test the SMB function of the domain and see if all the shares required for a functional Active Directory are working |
24 | vim /etc/resolv.conf | verify that the primary DNS server is the IP of your local interface |
25 | vim /etc/network/interfaces | change to a fixed IP and add your dns-nameservers |
26 | reboot | reboot the server |
27 | ping johny.local | |
28 | vi /etc/hostname | |
29 | vi /etc/hosts | |
30 | vi /etc/resolv.conf | |
31 | netstat -ln | less |
32 | host -t SRV _kerberos._udp.johny.local. | verify that name resolution is working properly for the fully qualified name lab1.johny.local |
33 | host -t SRV _kerberos._tcp.johny.local. | test some basic DNS queries and see if they return a valid response |
34 | host -t A lab1.johny.local | prove DNS can resolve the A record |
35 | init 0 | shutdown the server |
36 | history | review |
37 | ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so | create your symbolic links to the appropriate libraries |
38 | ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 | |
39 | ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so | |
40 | ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 | |
41 | vim /etc/nsswitch.conf | Resolve user and group information first from /etc/passwd and /etc/group and then from the Windows NT server. To set up winbindd for user and group lookups plus authentication from a domain controller, use something like the following in nsswitch.conf: "passwd: files winbind" and "group: files winbind". This instructs the system to use the nss winbind library when searching for users or groups (so that user and group entries from the winbindd daemon are visible). |
42 | ldconfig -v | grep winbind | The libraries needed by the winbindd daemon will be entered into the ldconfig cache automatically the next time the system reboots, but it is faster (and needs no reboot) to do it manually. This makes libnss_winbind available to winbindd and reports the current search path used by the dynamic link loader. The grep filters the output of ldconfig so that we can see proof that the library is indeed recognized by the dynamic link loader; this confirms the library is loaded. |
43 | /usr/local/samba/bin/wbinfo -p | test if winbind is “pingable” |
44 | /usr/local/samba/bin/wbinfo -u | test if Winbind is able to provide the user list |
45 | getent passwd | returns passwd-style entries, including those for the domain users |
46 | id Administrator | The identification command returns information about the user |
47 | apt-get install acl | install acl package |
48 | vim /etc/fstab | add the acl option to the desired partition to enable ACLs |
49 | mount | check whether ACL is enabled for your partition |
50 | reboot | reboot so that ACL support takes effect on the partition |
51 | mount | confirm acl is enabled |
52 | vim /usr/local/samba/etc/smb.conf | have a look at the default smb.conf |
53 | cd /usr/local/samba/etc/ | enter its directory |
54 | mv smb.conf smb.conf.bak | backup the default smb.conf file |
55 | ls | confirm it's OK |
56 | vim /usr/local/samba/etc/smb.conf | create a simple share configuration, or scp an smb.conf file from another server and edit it |
57 | | help locate the problem in smb.conf |
58 | /etc/init.d/samba4 restart | |
59 | cd /home | enter the share folder directory |
60 | ls | check the current situation |
61 | mkdir /home/it /home/hr /home/commercial | create the share folders as defined in smb.conf |
62 | mkdir public | |
63 | ls | |
64 | chmod 777 public/ | give full permission to everybody |
65 | chmod 770 it/ hr/ commercial/ | give the folder owner and group owner full permission |
66 | reboot | reboot the server |
67 | cd /home/ | |
69 | ls | |
70 | ls -lha | |
71 | getfacl | johny/ |
72 | setfacl -m g:it:rwx /home/it | set the folder ACL: give group “it” full permission on the folder /home/it |
73 | | |
74 | | |
75 | mkdir /home/recycle | |
76 | chmod 777 /home/recycle/ | |
77 | smbstatus | check at any time which users and which machines are accessing shares on the server |
78 | setfacl -m u:pauly:r-x /home/hr/ | set user johny to read-only permission on a particular folder |
79 | getfacl /home/hr | |
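Added example, not part of the original history: a check of the mode bits that steps 64, 65 and 76 leave on the share directories. A directory that is world-writable without the sticky bit lets any user who can reach it delete or rename other users' files. The function names and the throwaway demo tree are constructed for illustration; on the real server the argument would be /home.

```shell
#!/bin/sh
# Build a throwaway tree with the same names and modes as the shares above.
build_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/it" "$root/hr" "$root/commercial" "$root/public" "$root/recycle"
    chmod 770 "$root/it" "$root/hr" "$root/commercial"
    chmod 777 "$root/public" "$root/recycle"
    printf '%s\n' "$root"
}

# Print "<octal mode> <verdict> <name>" for each directory directly under $1.
classify_share_dirs() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        mode=$(stat -c '%a' "$d")       # GNU stat, as shipped with Debian/Ubuntu
        bits=$(( 0$mode ))              # leading 0: read the mode as octal
        if [ $(( bits & 0002 )) -eq 0 ]; then
            verdict=ok
        elif [ $(( bits & 01000 )) -ne 0 ]; then
            verdict=world-writable-sticky
        else
            verdict=world-writable-no-sticky
        fi
        printf '%s %s %s\n' "$mode" "$verdict" "${d##*/}"
    done
}

# Demo run on the constructed tree.
demo_root=$(build_demo_tree)
classify_share_dirs "$demo_root"
rm -rf "$demo_root"
```

On the demo tree, public and recycle are reported as world-writable-no-sticky and the three department folders as ok.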
Configuration | Description | | |
# Global parameters | the file is divided into sections | | |
[global] | the first is always the ”[global]” section, which contains the general server options | | |
workgroup = JOHNY | the name of the workgroup | | |
realm = JOHNY.LOCAL | | |
netbios name = LAB5 | server name | | |
server role = active directory domain controller | the server is configured as an AD domain controller (DC) | | |
dns forwarder = 8.8.8.8 | | |
vfs objects = recycle, full_audit | VFS module records selected client operations to the system log | | |
recycle:keeptree = yes | Specifies whether the directory structure should be preserved or whether the files in a directory that is being deleted should be kept separately in the repository | | |
recycle:versions = yes | If this option is True, two files with the same name that are deleted will both be kept in the repository. Newer deleted versions of a file will be called “Copy #x of filename”. | | |
recycle:repository = /home/recycle | Path of the directory where deleted files should be moved | | |
recycle:exclude = *.tmp, *.log, ~*.*, *.bak, *.iso | List of files that should not be put into the repository when deleted, but deleted in the normal way. Wildcards such as * and ? are supported. | | |
recycle:exclude_dir = tmp, cache | List of directories whose files should not be put into the repository when deleted, but deleted in the normal way. Wildcards such as * and ? are supported | | |
full_audit:facility = local5 | all of these audit logs go to the system log (/var/log/syslog) | | |
full_audit:priority = notice | | |
full_audit:prefix = %u|%I|%S | adds additional useful information to the audit log. %u – user; %I – user IP address; %S – server share name | | |
full_audit:success = open, write, rename, rmdir, mkdir, chmod, chown | | |
full_audit:failure = none | do not give a list of VFS operations that should be recorded if they failed | | |
log level = 5 | | |
| |
[netlogon] | the name of the share; each such section describes a shared resource (known as a “share”) | | |
path = /usr/local/samba/var/locks/sysvol/johny.local/scripts | share folder path | | |
read only = No | | |
| |
[sysvol] | | |
path = /usr/local/samba/var/locks/sysvol | | |
read only = No | | |
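Added example, not part of the original configuration: with the full_audit settings above, each successful audited operation reaches syslog prefixed by user, client IP and share. The filter below pulls out the chmod and chown events and marks chmod calls that make a file world-writable. The sample lines, the `smbd_audit` record layout (`prefix|operation|result|arguments`, with chmod logging the new octal mode last) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample syslog lines (not real logs). Assumed record layout:
#   <syslog header> smbd_audit[pid]: user|ip|share|operation|result|args...
sample_audit_log() {
cat <<'EOF'
Mar  3 10:15:02 lab5 smbd_audit[2101]: JOHNY\pauly|192.168.202.60|hr|open|ok|r|salaries.xls
Mar  3 10:15:09 lab5 smbd_audit[2101]: JOHNY\pauly|192.168.202.60|hr|chmod|ok|salaries.xls|777
Mar  3 10:16:40 lab5 smbd_audit[2144]: JOHNY\administrator|192.168.202.57|it|mkdir|ok|tools
Mar  3 10:17:11 lab5 smbd_audit[2144]: JOHNY\administrator|192.168.202.57|it|chown|ok|tools|0|0
Mar  3 10:18:30 lab5 cron[900]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:19:05 lab5 smbd_audit[2101]: JOHNY\pauly|192.168.202.60|public|rename|ok|a.txt|b.txt
EOF
}

# Print "user ip share operation args [WORLD-WRITABLE]" for each audited
# chmod/chown, the operations that change who can reach a file on a share.
audit_perm_changes() {
    awk '
    {
        pos = match($0, /smbd_audit(\[[0-9]+\])?: /)
        if (pos == 0) next                    # not a full_audit record
        rec = substr($0, pos + RLENGTH)       # drop the syslog header
        n = split(rec, f, "|")
        if (n < 6) next                       # truncated or malformed record
        if (f[4] != "chmod" && f[4] != "chown") next
        args = f[6]
        for (i = 7; i <= n; i++) args = args "," f[i]
        flag = ""
        # assumed: chmod logs the new mode in octal as its last argument
        if (f[4] == "chmod" && f[n] ~ /[2367]$/) flag = " WORLD-WRITABLE"
        printf "%s %s %s %s %s%s\n", f[1], f[2], f[3], f[4], args, flag
    }'
}

# Demo run on the constructed lines.
sample_audit_log | audit_perm_changes
```

On the server the same filter would read the real log, for example `audit_perm_changes < /var/log/syslog`.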
Step | History | Description |
2 | passwd root | |
4 | apt-get install openssh-server | |
5 | ping lab1 | |
6 | ping lab1.johny.local | |
7 | ifconfig | |
8 | vim /etc/network/interfaces | set up a fixed IP |
9 | reboot | |
12 | ifconfig | |
13 | ping lab1 | |
14 | ping johny.local | |
15 | vi /etc/resolv.conf | |
17 | vi /etc/hosts | correct the hostname and add two lines |
26 | reboot | |
27 | ifconfig | |
34 | apt-get remove --purge krb5-config | |
35 | apt-get install krb5-config | |
36 | kinit administrator@johny.local | |
38 | apt-get remove --purge krb5-config | |
39 | wget http://www.samba.org/samba/ftp/stable/samba-4.1.4.tar.gz | better to copy it from another Samba server |
40 | apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev | |
41 | cd /root/ | |
42 | ls | |
43 | tar zxvf samba-4.1.4.tar.gz | |
44 | cd samba-4.1.4/ | |
45 | ./configure --enable-debug | |
47 | make | |
48 | make install | |
49 | vim /etc/hostname | |
50 | vim /etc/resolv.conf | |
51 | ping lab1 | |
52 | cd /usr/local/samba/etc/ | |
53 | ls | |
54 | cd | |
55 | apt-get install krb5-user | |
56 | kinit administrator@JOHNY.LOCAL | |
57 | klist | |
58 | host -t dc lab2.johny.local | will of course fail |
59 | cd /usr/local/samba/bin/ | |
60 | ls | |
63 | cd / | |
64 | /usr/local/samba/bin/samba-tool domain join johny.local DC -Uadministrator --realm=johny.local | |
65 | host -t A lab2.johny.local | |
66 | /usr/local/samba/bin/samba-tool dns add 192.168.202.57 johny.local lab2 A 192.168.202.53 -Uadministrator | |
67 | host -t A lab2.johny.local | |
68 | /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid | |
69 | host -t CNAME d40ea8d6-5e70-4b8b-ba3c-8ca20fe4451f._msdcs.demo.local | |
70 | host -t CNAME d40ea8d6-5e70-4b8b-ba3c-8ca20fe4451f._msdcs.johny.local | |
71 | cd /usr/local/samba/etc/ | |
72 | ls | |
73 | vim smb.conf | an smb.conf file has already been created |
74 | cd.. | |
75 | cd .. | |
76 | cd bin/ | |
77 | ls | |
78 | cd | |
79 | host -t dc lab2.johny.local | |
82 | cd /etc/init.d/ | scp samba4 from another Samba server |
83 | ls | |
84 | ls samba4 | |
86 | /etc/init.d/samba4 restart | |
88 | cd | |
89 | getent passwd | |
90 | ping lab1 | |
98 | | |
99 | ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 | |
100 | vim /etc/nsswitch.conf | |
101 | ldconfig -v | grep winbind |
102 | ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so | |
103 | ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 | |
104 | ldconfig -v | grep winbind |
105 | /usr/local/samba/bin/wbinfo -p | |
106 | /usr/local/samba/bin/wbinfo -u | |
107 | getent passwd | |