samba4

Procedimento para instalar o SAMBA4 no FreeBSD:

1 - Atualizar o pkg:

# pkg update

2 - Instalar o pacote gnutls via pkg:

# pkg search gnutls

- Verificar os pacotes necessários, no meu caso, o gnutls-3.5.8 e py27-gntls-3.0.0, ambos são necessários para o funcionamento do samba.

# pkg install gnutls-3.5.8

3 - Instalar o pacote openldapserver via pkg:

# pkg search openldap

- Verificar os pacotes necessários, no meu caso, o openldap-server-2.4.44.

# pkg install openldap-server-2.4.44

4 - Entrar no arquivo /etc/fstab e adicionar o suporte a acl em todas as partiões, exceto swap:

# ee /etc/fstab

# Device        Mountpoint      FStype  Options Dump    Pass#
/dev/ada0p2     /               ufs     rw,acls 1       1
/dev/ada0p3     /var            ufs     rw,acls 2       2
/dev/ada0p4     /tmp            ufs     rw,acls 2       2
/dev/ada0p5     /home           ufs     rw,acls 2       2
/dev/ada0p6     none            swap    sw      0       0
/dev/ada0p7     /usr            ufs     rw,acls 2       2
/dev/ada0p8     /doc            ufs     rw,acls 2       2

- Sair do arquivo e salvar.

5 - Configurar /etc/rc.conf, /etc/resolv.conf e /etc/hosts:

- O resolv.conf deve apontar para a própria maquina

# ee /etc/resolv.conf

	search dc1.teste.local
	domain dc1.teste.local
	nameserver 192.168.1.1
	nameserver 127.0.0.1

# ee /etc/hosts

	::1                     localhost localhost.my.domain
	127.0.0.1               localhost localhost.my.domain
	192.168.1.1             srv       srv.dc1.teste.local

6 - Agora vamos instalar o Samba via pkg:

# pkg install samba45
# shutdown -r now

7 - As configurações estado todas corretas, podemos usar o comando domain provision para criarmos o domínio:

# samba-tool domain provision --use-rfc2307 --interactive

Realm [DC1.TESTE.LOCAL]:
 Domain [DC1]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=dc1,DC=teste,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=dc1,DC=teste,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              dc1
NetBIOS Domain:        CP1
DNS Domain:            dc1.teste.local
DOMAIN SID:            S-1-5-21-389350048-4243148579-3586042199

OBS: Abra um arquivo txt e salve essas informações geradas pelo domínio, futuramente irá precisar para restaurar backups manuais.

8 - Estartar o serviço samba:

# samba

9 - Efetuar alguns testes:

# smbclient -L localhost -U%

Domain=[CP1] OS=[Windows 6.1] Server=[Samba 4.4.5]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.4.5)
Domain=[CP1] OS=[Windows 6.1] Server=[Samba 4.4.5]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

#  smbclient //localhost/netlogon -UAdministrator -c 'ls'

Enter Administrator's password:
Domain=[CP1] OS=[Windows 6.1] Server=[Samba 4.4.5]
  .                                   D        0  Fri Jul 15 09:07:37 2016
  ..                                  D        0  Fri Jul 15 09:07:45 2016

                406246452 blocks of size 1024. 369736312 blocks available

# host -t SRV _ldap._tcp.dc1.teste.local.
_ldap._tcp.dc1.teste.local has SRV record 0 100 389 dc1.teste.local.

# host -t SRV _kerberos._udp.dc1.teste.local.
_kerberos._udp.dc1.teste.local has SRV record 0 100 88 dc1.teste.local.

# host -t A srv.dc1.teste.local.
srv.dc1.teste.local has address 192.168.1.1

# kinit administrator@DC1.TESTE.LOCAL
administrator@DC1.TESTE.LOCAL's Password:

# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: administrator@DC1.TESTE.LOCAL

  Issued                Expires               Principal
Jul 15 10:26:19 2016  Jul 15 20:26:19 2016  krbtgt/DC1.TESTE.LOCAL@DC1.TESTE.LOCAL

– Feitos todos esses passos, e se, não houve nenhuma mensagem erro podemos ingressar uma maquina Windows no domínio.