微软输了反垄断案,被法院判决向samba项目贡献代码,samba与微软的战争结束,换来了samba4 十多年来的第一个正式版,完全兼容win2k至win8所有的客户端。
主流Linux发行版里的samba4版本比较旧,debian wheezy用的也是beta2,其他都是alpha18,最新的Fedora 18 自带了samba4正式版,但是使用的kerberos是MIT的,与samba4自带的heimdal kerberos有些出入,鉴于目前samba4的文档比较少,在RedHat系的平台上,还是按照官方wiki说的做成功率比较高,也就是编译安装。
samba4内置了kerberos、dns和ldap,外加一个ntp就可以完成一个AD了。
环境:CentOS 6.3 x64
少废话,将经过测试和总结的精华写个脚本分享给大家,简单说明如下:
1、请根据需要修改脚本开头的四个变量(realm、domain、adminpass、DomainName,即原文【10-13行】),注意大小写;
2、主机名没有特别要求,非fqdn即可,不带域名的那种,比如samba;
3、samba4 AD 安装一步到位(加上启动脚本实际为2步,ntp请另行配置)
4、脚本可重复执行,除去下载,安装编译耗时约15分钟
5、配置文件位于/etc/samba,可执行文件和库文件都位于/usr/local/,
手册在/usr/share/samba,pid和lock都位于/var,日志位于/var/log/samba,做了日志轮转
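#!/usr/bin/env bash
# name = setup-samba4-ad.sh
# author = purplegrape4@gmail.com
#
# Builds Samba 4.0.3 from source on CentOS 6.3 (minimal) and provisions it as
# an Active Directory domain controller in one pass: build dependencies,
# configure / make / make install, domain provision, init script, resolver,
# log rotation, then DNS / SMB / Kerberos smoke tests.
# Tested under CentOS 6.3 minimal only — use at your own risk.
#
# Environment (all optional; the defaults are the original script's values):
#   REALM              Kerberos realm / AD DNS name, upper case   (TEST.ORG)
#   DOMAIN             NetBIOS domain name, upper case            (TEST)
#   ADMINPASS          Administrator password for the new domain (1q2w3edc4RFV)
#   DOMAIN_NAME        DNS domain, lower case                     (test.org)
#   SAMBA_TARBALL_URL  where to fetch samba-4.0.3.tar.gz
#   INIT_SCRIPT_URL    where to fetch the samba4 SysV init script
set -euo pipefail
#------------------------------
# Edit these to taste (case matters: realm/domain upper, DomainName lower).
realm=${REALM:-TEST.ORG}
domain=${DOMAIN:-TEST}
adminpass=${ADMINPASS:-1q2w3edc4RFV}
DomainName=${DOMAIN_NAME:-test.org}

# The two download URLs did not survive in the published copy of this script;
# the bracketed values below are placeholders that must be replaced (or
# overridden through the environment) before the script will run.
readonly samba_version=4.0.3
samba_tarball_url=${SAMBA_TARBALL_URL:-"<URL-OF-samba-${samba_version}.tar.gz>"}
init_script_url=${INIT_SCRIPT_URL:-"<URL-OF-samba4-init-script>"}

die() { printf '%s\n' "$*" >&2; exit 1; }

# Build-time packages. yum package names are case-sensitive: "python-devel",
# not "Python-devel". bind-utils supplies the "host" command used by the DNS
# smoke test below; it is not part of a minimal install.
install_build_deps() {
  yum groupinstall "Development tools" -y
  yum install -y python-devel ctdb-devel docbook-style-xsl libacl-devel readline-devel \
    openssl-devel cups-devel libaio-devel pam-devel libtevent-devel libcap-devel \
    expect libuuid-devel libtdb-devel quota-devel openldap-devel krb5-workstation \
    bind-utils
}

# Fetches the tarball once and always unpacks a fresh tree. Only the unpacked
# directory is removed: the original deleted samba-4.0.3* (tarball included),
# so its "download if missing" check never skipped anything on a re-run.
fetch_source() {
  local tarball="samba-${samba_version}.tar.gz"
  rm -rf -- "samba-${samba_version}"
  if [[ ! -f "$tarball" ]]; then
    [[ "$samba_tarball_url" == *://* ]] || die "SAMBA_TARBALL_URL is not set"
    # A failed/partial download is removed so the next run re-fetches it.
    wget -O "$tarball" "$samba_tarball_url" || { rm -f -- "$tarball"; die "download of $tarball failed"; }
  fi
  tar zxvf "$tarball"
}

# configure/make/make install in a subshell so the caller's cwd is untouched.
# Layout matches the write-up: binaries/libs under /usr/local, config in
# /etc/samba, state in /var, manuals in /usr/share.
build_and_install() {
  (
    cd "samba-${samba_version}" || die "cannot cd to samba-${samba_version}"
    # NOTE(review): --disable-gnutls builds Samba without TLS, so the 636/tcp
    # (LDAPS) entry in the firewall note at the end is probably not served by
    # this build; drop the flag and install gnutls-devel if LDAPS is needed.
    ./configure \
      --enable-debug \
      --enable-selftest \
      --disable-cups \
      --disable-gnutls \
      --enable-fhs \
      --prefix=/usr/local \
      --sysconfdir=/etc \
      --localstatedir=/var \
      --datarootdir=/usr/share \
      --with-privatedir=/etc/samba/private
    # --with-aio-support
    make
    make install
  )
}

# Provisions the AD domain and installs the generated krb5.conf system-wide.
provision_domain() {
  mkdir -p /etc/samba/private
  rm -f -- /etc/samba/smb.conf
  # NOTE(review): the password is passed on the command line and is therefore
  # visible in `ps` while provision runs; I am not aware of a stdin alternative
  # in this samba-tool version. NOTE(review): provision does not look
  # idempotent — a sam.ldb left in /etc/samba/private by an earlier run will
  # presumably make it refuse; confirm before relying on re-running the script.
  # --workgroup is given the DNS name here as in the original; the NetBIOS
  # workgroup would normally equal $domain — confirm this is intended.
  samba-tool domain provision \
    --realm="$realm" \
    --domain="$domain" \
    --workgroup="$DomainName" \
    --adminpass="$adminpass" \
    --server-role=dc \
    --use-rfc2307
  cat /etc/samba/private/krb5.conf >/etc/krb5.conf
  printf '[kdc]\ncheck-ticket-address = false\n' >>/etc/krb5.conf
}

# Installs the SysV init script and starts samba under it. curl -f turns an
# HTTP error into a failure instead of saving an error page as the script.
install_init_script() {
  [[ "$init_script_url" == *://* ]] || die "INIT_SCRIPT_URL is not set"
  curl -fsSL -o /etc/init.d/samba4 "$init_script_url"
  chmod 755 /etc/init.d/samba4
  chkconfig --add samba4
  chkconfig --level 2345 samba4 on
  /etc/init.d/samba4 start
}

# Points the resolver at the built-in Samba DNS. The firewall is stopped
# outright, as in the original, so the smoke tests can reach the DC; the port
# list printed at the end is what a re-enabled firewall has to allow.
configure_resolver() {
  service iptables stop
  printf 'domain %s\nnameserver 127.0.0.1\n' "$DomainName" >/etc/resolv.conf
}

# Log rotation for /var/log/samba. The stanza is logrotate syntax, so it goes
# under /etc/logrotate.d; the original wrote it to /etc/rsyslog.d/samba.log,
# which rsyslog (*.conf only) and logrotate both ignored. olddir must exist
# or logrotate refuses to rotate.
configure_logrotate() {
  mkdir -p /var/log/samba/old
  cat >/etc/logrotate.d/samba <<'SAMBA-LOG'
/var/log/samba/* {
    notifempty
    olddir /var/log/samba/old
    missingok
    sharedscripts
    copytruncate
}
SAMBA-LOG
}

# Checks the SRV and A records the DC must answer for itself.
dns_smoke_test() {
  host -t SRV "_ldap._tcp.${DomainName}."
  host -t SRV "_kerberos._udp.${DomainName}."
  host -t A "${HOSTNAME}.${DomainName}."
}

# Restarts samba and lists the netlogon share as Administrator.
smb_smoke_test() {
  service samba4 restart
  sleep 10
  smbclient --version
  smbclient -L localhost -U%
  # smbclient reads the password from PASSWD, keeping it out of `ps`. The
  # original's "-P $adminpass" relied on -P (--machine-pass, which takes no
  # value) leaving the password in the trailing positional slot.
  PASSWD="$adminpass" smbclient //localhost/netlogon -U administrator -c 'ls'
}

# Obtains a TGT for Administrator non-interactively and shows it.
kerberos_smoke_test() {
  # The password reaches expect through the environment ($env(ADMINPASS) is
  # expanded by Tcl, not bash) so it is not embedded in the -c argument; the
  # realm comes from $realm instead of the hard-coded TEST.ORG. kinit's exit
  # status is propagated so a failed login stops the script under set -e.
  ADMINPASS="$adminpass" expect -c '
set timeout 5
spawn kinit administrator@'"$realm"'
expect {
  "Password*" { send "$env(ADMINPASS)\r" }
  timeout { exit 1 }
}
expect eof
catch wait result
exit [lindex $result 3]
'
  klist
}

# Ports the firewall must allow once iptables is turned back on.
# NOTE(review): 135/tcp (RPC endpoint mapper) is not in this list; confirm
# against the Samba AD documentation for this version.
print_firewall_note() {
  cat <<NOTE >&2
#Warnning#
#Remember to open the following ports in your iptables firewall
#53 tcp/udp
#88 tcp/udp
#389 tcp/udp
#464 tcp/udp
#137 udp
#138 udp
#139 tcp
#445 tcp
#636 tcp
#1024 tcp
#3268 tcp
#3269 tcp
NOTE
}

main() {
  install_build_deps
  fetch_source
  build_and_install
  provision_domain
  install_init_script
  configure_resolver
  configure_logrotate
  dns_smoke_test
  smb_smoke_test
  kerberos_smoke_test
  print_firewall_note
  echo "Congratuations! everything done successful"
}

main "$@"
#end of the script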