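# Test lab: Samba AD domain controller build notes for the domain test.local.
# This is a runbook run by hand as root, not an unattended script; expected
# file contents and command output are shown as comments under each step.
#
#   AD/DC ............ AD.test.local, 192.168.0.10
#   Gateway .......... 192.168.0.1
#   DNS forwarders ... 192.168.0.1

# ---------- Disable SELinux and firewall, check config files ----------
# Lab shortcut: the DC ends up with no host firewall and no MAC policy.
# Outside the lab keep SELinux enforcing and open only the AD service ports.
# Edit /etc/sysconfig/selinux so that it contains:
#   SELINUX=disabled
setenforce 0
# disable firewall

# ---------- Update system ----------
yum update

# ---------- Packages ----------
# "python*" installs every python package the repositories offer; narrow it
# to the packages the build actually needs if the install footprint matters.
yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5

# ---------- Installing Samba ----------
yum install git-core
# https:// instead of git://: the git protocol is unauthenticated, so the
# source tree cannot be verified in transit. For anything beyond a throw-away
# lab, build from a signed release tarball instead of master.
git clone https://git.samba.org/samba.git samba-master

# ---------- Checking DNS and IP ----------
# system-config-network: DNS = the AD/DC address above
# Check files (the ifcfg file name ends in the lab NIC's name):
#   /etc/sysconfig/network-scripts/ifcfg-<interface>
#   /etc/hosts
#   /etc/sysconfig/network
#   /etc/resolv.conf

# ---------- Build ----------
cd samba-master
./configure --enable-debug --enable-selftest
make
make install

# ---------- Provision ----------
# remove old samba config if there is any
rm /usr/local/samba/etc/smb.conf
/usr/local/samba/bin/samba-tool domain provision
cat /usr/local/samba/etc/smb.conf
# Expected contents written by provision:
#   # Global parameters
#   [global]
#   workgroup = TEST
#   realm = TEST.LOCAL
#   netbios name = AD
#   server role = active directory domain controller
#   dns forwarder = 192.168.0.1
#
#   [netlogon]
#   path = /usr/local/samba/var/locks/sysvol/test.local/scripts
#   read only = No
#
#   [sysvol]
#   path = /usr/local/samba/var/locks/sysvol
#   read only = No
/usr/local/samba/sbin/samba
# NOTE(review): a source build into /usr/local does not appear to install an
# init script, so confirm chkconfig actually sees a "samba" service here
# before relying on it for start at boot.
chkconfig samba

# ---------- Start/Verify Samba as AD DC ----------
/usr/local/samba/sbin/samba -V
/usr/local/samba/bin/smbclient --version
# -U% is an empty user name and password, i.e. an anonymous (null-session)
# listing; it only proves the server answers, not that authentication works.
/usr/local/samba/bin/smbclient -L localhost -U%
# Expected output:
#   Domain=[TEST] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-46ab33d]
#
#       Sharename       Type      Comment
#       ---------       ----      -------
#       netlogon        Disk
#       sysvol          Disk
#       IPC$            IPC       IPC Service (Samba 4.1.0pre1-GIT-46ab33d)
#   Domain=[TEST] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-46ab33d]
#
#       Server               Comment
#       ---------            -------
#
#       Workgroup            Master
#       ---------            -------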
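# ---------- Configure/Test DNS ----------
# Point the resolver at the DC; the SRV records below must resolve before any
# client or member server can locate the domain.
nano /etc/resolv.conf
# Contents:
#   domain test.local
#   nameserver 192.168.0.10
host -t SRV _ldap._tcp.test.local
host -t SRV _kerberos._udp.test.local
host -t A ad.test.local

# ---------- Kerberos ----------
cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
nano /etc/krb5.conf
# Contents:
#   [libdefaults]
#   default_realm = TEST.LOCAL
#   dns_lookup_realm = false
#   dns_lookup_kdc = true

# ---------- Testing Kerberos ----------
kinit administrator@TEST.LOCAL
# Expected:
#   Warning: Your password will expire in 41 days on Fri Apr  5 08:03:28 2013
klist
# Expected:
#   Valid starting     Expires            Service principal
#   02/22/13 07:09:32  02/22/13 17:09:32  krbtgt/TEST.LOCAL@TEST.LOCAL
#           renew until 02/23/13 07:09:28

# ============================ SERVER MEMBER ============================
#   NAS1 ...... NAS1.test.local, 192.168.0.11
#   DNS ....... 192.168.0.10 (the DC)
#   Gateway ... 192.168.0.1

yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5 autoconf automake gdb krb5-devel make openldap-devel pam-devel python-devel
# The original note read "yum install update", which would look for a package
# named "update"; the system update is "yum update", as on the DC.
yum update

# ---------- Installing Samba ----------
yum install git-core
# https:// instead of git://: the git protocol is unauthenticated, so the
# source tree cannot be verified in transit.
git clone https://git.samba.org/samba.git samba-master
cd samba-master
./configure --with-ads --with-shared-modules=idmap_ad
make
make install

# ---------- Disable SELinux and firewall, check config files ----------
# Same lab shortcut as on the DC; not for a member that serves real data.
nano /etc/sysconfig/selinux
# Contents:
#   SELINUX=disabled
setenforce 0
# disable firewall
# Check files:
nano /etc/hosts
nano /etc/sysconfig/network
system-config-network
# nano /etc/sysconfig/network-scripts/ifcfg-<interface>   (the lab NIC)
nano /etc/resolv.conf

# ---------- Kerberos ----------
nano /etc/krb5.conf
# Contents:
#   [logging]
#   default = FILE:/var/log/krb5libs.log
#   kdc = FILE:/var/log/krb5kdc.log
#   admin_server = FILE:/var/log/kadmind.log
#
#   [libdefaults]
#   default_realm = TEST.LOCAL
#   dns_lookup_realm = true
#   dns_lookup_kdc = true
#   ticket_lifetime = 24h
#   renew_lifetime = 7d
#   forwardable = yes
#
#   [appdefaults]
#   pam = {
#     debug = false
#     ticket_lifetime = 36000
#     renew_lifetime = 36000
#     forwardable = true
#     krb4_convert = false
#   }
# forwardable = yes / forwardable = true mark the TGTs obtained on this host
# as forwardable; keep that only if a service here must obtain tickets on the
# user's behalf (delegation), otherwise drop it.

# ---------- Configuring Samba ----------
nano /usr/local/samba/etc/smb.conf
# Contents:
#   [global]
#   workgroup = TEST
#   realm = TEST.LOCAL
#   security = ADS
#   netbios name = NAS1
#   server role = member server
#   passdb backend = samba_dsdb
#   dns forwarder = 192.168.0.10
#   idmap config *:backend = tdb
#   idmap config *:range = 70001-80000
#   idmap config TEST:backend = ad
#   idmap config TEST:schema_mode = rfc2307
#   idmap config TEST:range = 500-40000
#   winbind nss info = rfc2307
#   winbind trusted domains only = no
#   winbind use default domain = yes
#   winbind enum users = yes
#   winbind enum groups = yes
#
#   [users]
#   path = /users/home/
#   read only = No
#
# Review notes on this smb.conf:
# - idmap config TEST:range = 500-40000 overlaps the UID/GID space the
#   distribution assigns to local accounts (UID_MIN is 500 or 1000 on
#   RHEL-family systems, see /etc/login.defs), so an rfc2307 uidNumber or
#   gidNumber from AD can collide with a local user or group. Start the
#   domain range above the local account space; it must also stay disjoint
#   from the 70001-80000 default range, which it already is.
# - passdb backend = samba_dsdb is the directory backend of a DC; a member
#   server normally leaves passdb backend at its default. NOTE(review):
#   confirm against the member-server documentation for this Samba build.
# - dns forwarder configures the internal DNS server of a DC; on a member
#   server it looks inert. NOTE(review): confirm, then drop it if so.
# - winbind enum users/groups = yes makes getent walk the whole domain; it is
#   not needed for logons or share access and is costly on a large directory.
# - [users] carries no valid users or other access restriction, so any domain
#   account can connect to the share; what each account can then do is
#   decided only by the filesystem permissions under /users/home/.

# ---------- Joining to Domain, Users and Groups ----------
# Any account that has been delegated the right to join computers to the
# domain will do here; the join does not need Domain Admin credentials.
# (The users-and-groups part of this section continues past this page.)
net ads join -U administrator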