Testinstall: Unterschied zwischen den Versionen

(Samba)
(smb.conf)
 
(2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 117: Zeile 117:
 
  apt-get install samba cups
 
  apt-get install samba cups
  
 +
<span style="color:#FF0000">Wichtig:</span>Für einen Stand alone PDC '''winbind''' abschalten, wird mit cifs-tools installiert.
 +
systemctl disable winbind.service
 +
systemctl stop winbind.service
 +
=== smb.conf ===
 
  vim /etc/samba/smb.conf
 
  vim /etc/samba/smb.conf
  
 
  [global]
 
  [global]
  workgroup = jess4classic  
+
    workgroup = jess4classic  
  wins support = yes  
+
    wins support = yes  
  dns proxy = no
+
    dns proxy = no
  interfaces =  eth1
+
    interfaces =  eth1
  bind interfaces only = yes
+
    bind interfaces only = yes
  log file = /var/log/samba/log.all
+
    log file = /var/log/samba/log.all
  max log size = 1000
+
    max log size = 1000
  syslog = 0
+
    syslog = 0
  panic action = /usr/share/samba/panic-action %d
+
    panic action = /usr/share/samba/panic-action %d
        server role = classic primary domain controller  
+
    server role = classic primary domain controller  
  passdb backend = tdbsam
+
    passdb backend = tdbsam
  obey pam restrictions = yes
+
    obey pam restrictions = yes
  unix password sync = no
+
    unix password sync = no
  map to guest = bad user
+
    map to guest = bad user
  logon path = \\%N\profiles\%a\%U
+
    logon path = \\%N\profiles\%a\%U
  domain logons = yes
+
    domain logons = yes
  domain master = yes
+
    domain master = yes
  local master = yes
+
    local master = yes
  logon drive = H:
+
    logon drive = H:
  logon home = \\%N\%U
+
    logon home = \\%N\%U
  logon script = netlogon.cmd
+
    logon script = netlogon.cmd
add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
+
    add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
 
  [homes]
 
  [homes]
 
     comment = Home Directories
 
     comment = Home Directories
Zeile 179: Zeile 183:
 
     write list = root, @lpadmin
 
     write list = root, @lpadmin
 
  [fuer_alle]
 
  [fuer_alle]
        comment = Netzlaufwerk fuer alle
+
    comment = Netzlaufwerk fuer alle
        path = /local/samba/shares/fuer_alle
+
    path = /local/samba/shares/fuer_alle
        browseable = no
+
    browseable = no
        read only = no
+
    read only = no
        create mask = 0666
+
    create mask = 0666
        directory mask = 0777
+
    directory mask = 0777
 
+
=== Verzeichnisse gemäß der smb.conf anlegen ===
 
  mkdir /local/samba
 
  mkdir /local/samba
 
  cd /local/samb
 
  cd /local/samb
 
  mkdir -p netlogon profiles shares/fuer_alle
 
  mkdir -p netlogon profiles shares/fuer_alle
 
  chmod 777 shares/fuer_alle/
 
  chmod 777 shares/fuer_alle/
 +
Für Vista, Win7
 +
mkdir /local/samba/profiles/Vista
 +
chmod 1777 /local/samba/profiles/Vista
  
 +
=== User anlegen ===
 +
==== Domain Admin ====
 +
Kann Maschinen in die Domain holen und ist auf allem Maschinen '''root'''
 
  groupadd ntadmin
 
  groupadd ntadmin
  
Zeile 198: Zeile 208:
 
  smbpasswd -a domadmin
 
  smbpasswd -a domadmin
 
  addgroup domadmin ntadmin
 
  addgroup domadmin ntadmin
 +
==== Domain User ====
  
 
  adduser domuser
 
  adduser domuser
 
  smbpasswd -a domuser
 
  smbpasswd -a domuser
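Review bot: In the second hunk (Zeile 179 / 183) the unchanged line `cd /local/samb` does not match the `mkdir /local/samba` just above it, so the `cd` fails and the relative `mkdir -p netlogon profiles shares/fuer_alle` and `chmod 777 shares/fuer_alle/` run in whatever directory the shell happens to be in. The lines this revision adds, `mkdir /local/samba/profiles/Vista` and `chmod 1777 /local/samba/profiles/Vista`, then fail because `/local/samba/profiles` was never created. The line should read `cd /local/samba`. Separately, `chmod 777` together with `create mask = 0666` and `directory mask = 0777` in `[fuer_alle]` leaves the share directory writable by every local account as well as every domain user; a short comment stating that this is intended would help readers who copy the section.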

Aktuelle Version vom 15. März 2015, 13:34 Uhr

Zurück zu LXC auf Ubuntu 14.04-2 LTS

Was soll es werden

  • DHCP-Server
  • Nameserver
  • Router mit Masquerading
    • bedeutet: zwei Netzwerkkarten
  • tftpd-Server
  • Samba-Server
  • Ct startet automatisch

Netzwerkschnittstellen

vim /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

# Ergänzung für eth1 (output interface)
auto eth1
iface eth1 inet static
        address 10.78.20.10
        netmask 255.255.255.0
systemctl restart networking.service

DHCP-Server

apt-get install isc-dhcp-server
vim /etc/default/isc-dhcp-server

Ersetze

INTERFACES=""

gegen

INTERFACES="eth1"
vim /etc/dhcp/dhcpd.conf


ddns-update-style none;
option domain-name "test.local";
option domain-name-servers 10.78.20.10;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;


subnet 10.78.20.0 netmask 255.255.255.0 {
  range 10.78.20.100 10.78.20.200;
  option routers 10.78.20.10;
}
systemctl restart isc-dhcp-server.service

Nameserver

apt-get install bind9

Für Tests (z.B. dig)

apt-get install dnsutils

Masquerading per Firewall

apt-get install iptables
vim /etc/rc.local

Einfügen vor exit 0

# Flush every rule in the nat table (presumably so that re-running rc.local does not stack duplicate rules).
iptables -t nat -F
# Masquerade traffic leaving through eth0: its source address is rewritten to this host's eth0 address.
# NOTE(review): only the nat table is configured on this page; no FORWARD rules are set, so once
# net.ipv4.ip_forward=1 is active, whatever the filter table currently allows is routed — confirm that is intended.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Forwarding

vim /etc/sysctl.conf

Ersetze

#net.ipv4.ip_forward=1

durch

net.ipv4.ip_forward=1

Aktivieren

sysctl -p

tftp für PXE-Boot

vim /etc/dhcp/dhcpd.conf

next-server 10.78.20.10;
filename "linux/pxelinux.0";
systemctl restart isc-dhcp-server.service
apt-get install tftpd-hpa
vim /etc/default/tftp-hpa

Ändern von

TFTP_ADDRESS="0.0.0.0:69"

in

TFTP_ADDRESS="10.78.20.10:69"
mkdir /srv/tftp/linux

Zum schnellen Testen

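# Fetch the Debian jessie i386 netboot archive and unpack it below /srv/tftp/linux,
# the directory the PXE entry in dhcpd.conf refers to (filename "linux/pxelinux.0").
# NOTE(review): the download is plain HTTP with no integrity check, and every PXE
# client boots what is unpacked here. Compare the archive against the SHA256SUMS
# file published in the mirror's images/ directory (itself covered by the signed
# Release file) before extracting.
wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz
mv netboot.tar.gz /srv/tftp/linux/
# Chain on the cd so tar and chgrp never run in the wrong directory if it fails.
# ./* keeps extracted names that start with '-' from being read as chgrp options.
cd /srv/tftp/linux &&
  tar xf netboot.tar.gz &&
  chgrp -R nogroup ./*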

Client mit PXE als Bootdevice starten

Autostart

vim /var/lib/lxc/<CT-Name>/config
lxc.start.auto = 1 => Autostart
lxc.start.delay = 5 => Startverzögerung

Home nach /local verlegen

# Create the new location for home directories under /local.
mkdir -p /local/home
# NOTE(review): this deletes /home with everything in it, and nothing is copied to
# /local/home first; only safe while no account has data there — confirm before running.
rm -r /home
# Replace /home with a symlink so existing paths resolve to /local/home.
ln -s /local/home /home

Samba

Installiert wird Version 4

apt-get install samba cups

Wichtig: Für einen Stand-alone-PDC winbind abschalten; es wird mit cifs-tools installiert.

systemctl disable winbind.service
systemctl stop winbind.service

smb.conf

vim /etc/samba/smb.conf
# Global settings for an NT4-style ("classic") primary domain controller.
# smb.conf comments must sit on their own lines; a '#' after a value would become part of the value.
[global]
   workgroup = jess4classic 
   # nmbd acts as WINS server; unresolved NetBIOS names are not passed on to DNS.
   wins support = yes 
   dns proxy = no
   # Serve only on eth1, the statically configured internal interface on this page;
   # the DHCP uplink eth0 is not listened on.
   interfaces =  eth1
   bind interfaces only = yes
   # One shared log file, rotated at the configured size.
   log file = /var/log/samba/log.all
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   # NOTE(review): a classic PDC is the pre-Active-Directory domain model — confirm it
   # is acceptable for the client versions that will join.
   server role = classic primary domain controller 
   # Accounts live in Samba's local tdb database. NOTE(review): the stored password
   # hashes should be treated like passwords; verify the database file is readable by root only.
   passdb backend = tdbsam
   obey pam restrictions = yes
   # Samba and Unix passwords are kept separately; hence adduser plus smbpasswd -a later on the page.
   unix password sync = no
   # Logins with an unknown user name are mapped to the guest account instead of being
   # rejected; such sessions reach only shares with "guest ok = yes" ([netlogon] in this file).
   map to guest = bad user
   # Roaming profile location, split by client type (%a) and user (%U).
   logon path = \\%N\profiles\%a\%U
   domain logons = yes
   domain master = yes
   local master = yes
   logon drive = H:
   logon home = \\%N\%U
   # Script name relative to the [netlogon] share; clients run it at logon, so write
   # access to that share decides what runs on every workstation.
   logon script = netlogon.cmd
   # Run when a machine joins the domain; %u is the machine account name.
   # NOTE(review): the Unix group "machines" is not created anywhere on this page — verify it exists.
   add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
# Per-user home shares. "valid users = %S" admits only the user whose name equals
# the share name, and the 0700 masks keep new files and directories private to the owner.
[homes]
   comment = Home Directories
   browseable = no
   read only = no 
   create mask = 0700
   directory mask = 0700
   valid users = %S
# Logon script share, readable without authentication (guest ok = yes) and read-only
# except for members of the ntadmin group.
# NOTE(review): anything placed here as netlogon.cmd is run by clients at logon, so
# membership of ntadmin is equivalent to code execution on the workstations — keep the group small.
[netlogon]
  comment = Network Logon Service
   path = /local/samba/netlogon
   guest ok = yes
   read only = yes
   write list = @ntadmin
# Roaming profile share. Guests are refused; the masks limit new files to 0600 and
# new directories to 0700, i.e. owner-only access.
# NOTE(review): no "valid users" line, so any authenticated account can connect;
# separation between users then rests on the filesystem permissions alone.
[profiles]
   comment = Users profiles
   path = /local/samba/profiles
   guest ok = no
   browseable = yes
   create mask = 0600
   directory mask = 0700
   read only = no
# Print spool share: printable, hidden from browsing, guests refused.
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
# Printer driver share: read-only for everyone except root and members of lpadmin.
# NOTE(review): clients that install drivers from this share run them locally, so
# membership of lpadmin should be treated as privileged — confirm who is in that group.
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
   write list = root, @lpadmin
# Shared network drive for all users, hidden from browsing.
# No "valid users" line and no "guest ok", so every authenticated account may connect.
# The masks permit world-readable and world-writable files (0666) and directories (0777),
# which also exposes the content to every local Unix account on the server.
# NOTE(review): confirm this openness is intended; a group-restricted share would be tighter.
[fuer_alle]
   comment = Netzlaufwerk fuer alle
   path = /local/samba/shares/fuer_alle
   browseable = no
   read only = no
   create mask = 0666
   directory mask = 0777

Verzeichnisse gemäß der smb.conf anlegen

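# Create the directory tree that the path= lines in smb.conf refer to.
mkdir -p /local/samba
# The relative paths below depend on this cd (the directory is /local/samba, not
# /local/samb); chaining with && keeps mkdir and chmod from running in some other
# directory if the cd fails.
# NOTE(review): mode 777 lets every local account write to the share directory,
# not only Samba users; a dedicated group with a setgid 2770 directory would be
# tighter if that is not intended.
cd /local/samba &&
  mkdir -p netlogon profiles shares/fuer_alle &&
  chmod 777 shares/fuer_alle/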

Für Vista, Win7

# Profile root for Vista/Win7 clients. The logon path in smb.conf contains %a, which
# presumably expands to "Vista" for these clients — verify against the Samba version in use.
mkdir /local/samba/profiles/Vista
# 1777: world-writable with the sticky bit, so each user can create a profile directory
# here but cannot remove or rename entries owned by other users.
chmod 1777 /local/samba/profiles/Vista

User anlegen

Domain Admin

Kann Maschinen in die Domain holen und ist auf allen Maschinen root

# Unix group that backs the Windows "Domain Admins" group.
groupadd ntadmin
# Map it to RID 512, the well-known Domain Admins RID, as a domain group (type=d).
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d
# Create the Unix account, then its Samba password entry; with "unix password sync = no"
# the two passwords are set and changed independently.
adduser domadmin
smbpasswd -a domadmin
# Membership of ntadmin carries the Domain Admins mapping above and, through the
# write list in smb.conf, write access to the [netlogon] share.
addgroup domadmin ntadmin

Domain User

# Ordinary domain account: create the Unix user first, then the matching Samba password entry.
adduser domuser
smbpasswd -a domuser