Comandos para gerenciamento de Usuarios no samba 4 ( Terminal )

Digitando o comando # export PATH=$PATH:/opt/samba/bin:/opt/samba/sbin Trocar senha do usurio # samba-tool user setpassword s3nh4f0rt3 newpassword=1234.mvd4r.s3nh4 Trocar senha do usurio e forca a troca no Prximo Login # samba-tool user setpassword s3nh4f0rt3 newpassword=1234.mvd4r.s3nh4 must-change-at-next-login Deletar Usurio # samba-tool user delete limpeza.ti Deletar Usurio e Deletar a sua pasta Home # samba-tool user delete limpeza.ti && rm -r /system/profile/limpeza.ti Listar Todos os Usurios do samba # samba-tool user list Desabilitar o Usurio com essa opo a conta no pode ser utilizada mais permanece no servidor # samba-tool user disable limpeza.ti Habilitar Usurio # samba-tool user enable limpeza.ti Expirao de senha do usurio A expirao de senha para todos os usurios do domnio e feita com outro comando essa altera somente do usurio especificado ( bom para ser usado em certas excees como por exemplo aquele diretor que insiste em ser uma exceo a regra ) 10 e o numero de dias em que a senha ira expirar # samba-tool user setexpiry limpeza.ti days=10 Desabilitar a expirao de senha # samba-tool user setexpiry limpeza.ti noexpiry Grupos Criar um grupo # samba-tool group add diretoria Adicionar Vrios Grupos de uma vez

# samba-tool group add diretoria diretoria_ead Criar um grupo e adicionar um descrio ao grupo # samba-tool group add diretoria description=Grupo da diretoria Adicionar um membro a um grupo # samba-tool group addmembers diretoria mundoti Adicionar um Grupo dentro de Outro Grupo No samba4 podemos adicionar um grupos dentro de outro isso e muito util # samba-tool group addmembers diretoria diretoria_ead Adicionar Vrios Membros a um grupo de uma vez s # samba-tool group addmembers diretoria mundoti,mundoti2 Remover um grupo # samba-tool group delete diretoria Removendo Vrios grupos de uma vez # samba-tool group delete diretoria diretoria_ead Remover um membro de um grupo # samba-tool group removemembers diretoria mundoti Remover Membros de um grupo # samba-tool group removemembers diretoria mundoti,mundoti2 Listar todos os grupos # samba-tool group list Listar Usurios pertencente a um grupo # samba-tool group listmembers diretoria

Gerenciando Seu servidor DNS pelo shell no samba4

Publicado em por jeferson salles

Objetivo: Explicar como Gerenciar Seu Servidor dns no samba4 pelo shell Introduo: Este Post tem como objetivo explicar: Adicionar uma zona Reversa Adicionar entradas no Zona primaria e reversa Consultar Informao sobre as zona de dns E outras

No post anterior Criando usurio Pelo Shell no Samba4 expliquei como criar usurio pelo shell No post anterior Gerenciando usurios e grupos pelo shell no samba4 expliquei como Gerenciar usurio e grupos pelo shell Cenrio: Servidor: Debian 7 Verso do Samba: 4.0.3 Faixa de ip da Zona reversa = 192.168.1.0/24 ( Classe C ) Entrada a ser criada no Dns = roteador.empresa.casa Ip da entrada criada no Dns ( roteador.empresa.casa ) = 192.168.1.1 Senha do usuario = Senha_do_usuario_administrator Nome do dominio = empresa.casa Diretrio de instalao do samba = /opt/samba/ *Obs: para executar esses comandos sem ter digitar o caminho completo Ex samba-tool /opt/samba/bin/samba-tool voc tem que ter exporta a varivel path do local da instalao do samba4 isso pode ser feito da seguinte forma. Digitando o comando # export PATH=$PATH:/opt/samba/bin:/opt/samba/sbin No Vamos Criar a zona primaria porque a mesma j foi criada automaticamente pelo samba

Como Podemos ver # samba-tool dns zonelist 127.0.0.1 auto -U Administrator password=Senha_do_usuario_administrator Saida do comando
2 zone(s) found pszZoneName : empresa.casa Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE ZoneType : DNS_ZONE_TYPE_PRIMARY Version : 50 dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED pszDpFqdn : DomainDnsZones.empresa.casa pszZoneName : _msdcs.empresa.casa Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE ZoneType : DNS_ZONE_TYPE_PRIMARY Version : 50 dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED pszDpFqdn : ForestDnsZones.empresa.casa Vamos Criar uma zona reversa

Criar zona reversa # samba-tool dns zonecreate 127.0.0.1 1.168.192.in-addr.arpa -U Administrator password=Senha_do_usuario_administrator Obs a zona reversa criada foi para uma faixa de ip 192.168.1.0/24 ( Classe C ) Outro exemplo para uma rede classe A 10.0.0.0 # samba-tool dns zonecreate 127.0.0.1 10.in-addr.arpa -U Administrator password=Senha_do_usuario_administrator Verificando se a zona foi criada corretamente. # samba-tool dns zonelist 127.0.0.1 reverse -U Administrator password=Senha_do_usuario_administrator Saida do comando
pszZoneName : 1.168.192.in-addr.arpa

Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE ZoneType : DNS_ZONE_TYPE_PRIMARY Version : 50 dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED pszDpFqdn : DomainDnsZones.empresa.casa Criar uma entrada no dns # samba-tool dns add 127.0.0.1 empresa.casa roteador.empresa.casa A 192.168.1.1 -U Administrator password=Senha_do_usuario_administrator Testando se a entrada foi criada corretamente. # dig roteador.empresa.casa
Saida do comando ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> roteador.empresa.casa ;; global options: +cmd ;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63062 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;roteador.empresa.casa. IN A ;; ANSWER SECTION: roteador.empresa.casa. 900 IN A 192.168.1.1 ;; Query time: 5 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat May 18 12:54:07 2013 ;; MSG SIZE rcvd: 55

Criar uma entrada na zona reversa # samba-tool dns add 127.0.0.1 1.168.192.in-addr.arpa 1 PTR roteador.empresa.casa -U Administrator password=Senha_do_usuario_administrator Como podem reparar o ip do roteador e 192.168.1.1 como a zona reversa e de classe C Adicionamos socmente o 1 ( que completa o ip do roteador ) Antes do ptr Testando se a entrada foi criada corretamente. # nslookup 192.168.11.1 Saida do comando
Server: 127.0.0.1 Address: 127.0.0.1#53 1.1.168.192.in-addr.arpa name = roteador.empresa.casa.

Alguns comando uteis Listar informaes sobre o seu servidor de dns # samba-tool dns serverinfo 127.0.0.1 -U Administrator - password=Senha_do_usuario_administrator Listar todas as Zona de dns do seu servidor # samba-tool dns zonelist 127.0.0.1 -U Administrator password=Senha_do_usuario_administrator Listar Somente as Zona de dns reverso #samba-tool dns zonelist 127.0.0.1 reverse -U Administrator password=Senha_do_usuario_administrator Informaes sobre uma zona especifica # samba-tool dns zoneinfo 127.0.0.1 empresa.casa -U Administrator password=Senha_do_usuario_administrator Ver todas as entradas confiiguradas da zona empresa.casa # samba-tool dns query 127.0.0.1 empresa.casa @ ALL -U Administrator password=Senha_do_usuario_administrator Ver todas as entradas configuradas da zona reversa # samba-tool dns query 127.0.0.1 11.168.192.in-addr.arpa @ ALL -U Administrator password=Senha_do_usuario_administrator

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

uptime yum update -y vim /etc/security/limits.conf yum install vim ls clear ls cd anaconda-ks.cfg ls vim /etc/security/limits.conf ls chkconfig iptables off chkconfig ip6tables off vim /etc/sysconfig/selinux reboot history tune2fs -l /dev/mapper/vg_dominio01-LogVol0 |grep options tune2fs -l /dev/mapper/vg_dominio01-LogVol00 |grep options tune2fs -l /dev/mapper/vg_dominio01-LogVol01 |grep options tune2fs -l /dev/mapper/vg_dominio01-LogVol02 |grep options vim /etc/fstab mount -o remount / # Foi colocado na linha do / ext4 user_xattr,acl,default 11 instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh cat instalando_samba4.sh yum -y install compat-glibc-headers vim instalando_samba4.sh sh instalando_samba4.sh clear vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh

44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95

vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh sh instalando_samba4.sh |grep "nao Instalado sh instalando_samba4.sh |grep "nao Instalado" yum -y install compat-glibc-headers setroubleshoot-server vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh ls vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh sh instalando_samba4.sh vim instalando_samba4.sh yum install -y wget && sh instalando_samba4.sh tar xzf samba-latest.tar.gz -C /usr/local/src/ cd /usr/local/src/samba-4.0.9/ ls ./configure ./configure --enable-debug --enable-selftest make

96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147

make install ls cd docs ls cd manpages/ ls for i in 1 5 7 8;do cp *.$i /usr/share/man/man$i;done man samba-tool #/usr/local/samba/bin/samba-tool domain provision ls cd /etc/ ls cd /usr/local/src/samba-4.0.9/ ls clear ls cd swat/ ls cd include/ ls cd .. ls cd images/ ls cd .. ls cd help/ ls cd .. ls cd .. ls cd examples/ ls cd autofs/ ls less auto.smb clear ls cd .. ls clear ls cd logon/ ls cd ntlogon/ ls cat ntlogon.conf ls cd .. ls cd genlogon/

148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199

ls cat genlogon.pl clear ls cd .. ls cd mklogon/ ls cat mklogon.pl clear ls cat mklogon.conf clear ls cd .. ls cd .. ls cd scripts/ ls cd users_and_groups/ ls cd .. ls cd .. ls misc/ ls cd misc/ ls cd .. ls cd .. ls clear ls cd codepages/ ls cd .. ls clear ls cd include/ ls cd public/ ls cd samba/ ls cd .. ls cd util/ ls

200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251

cd .. ls find . cd .. ls cd .. ls cd packaging/ ls cd RHEL ls cd setup/ ls cd .. ls cd .. ls cd Example/ ls cd .. ls cd .. ls cd bin/ ls cd de cd default/ ls cd file_server/ ls cd .. ls cd auth/ lks ls cd credentials/ ls cd .. ls cd .. ls cd .. ls cd dynconfig/ ls file wscript less wscript ls cd .. ls cd libgpo/ ls

252 cd gpext/ 253 ls 254 cd .. 255 ls 256 cd bin/ 257 ls 258 cd .. 259 ls 260 cd 261 ls 262 vim instalando_samba4.sh 263 history 264 history |grep wget 265 vim instalando_samba4.sh 266 #tar xzf samba-latest.tar.gz -C /usr/local/src/ 267 echo "tar xzf samba-latest.tar.gz -C /usr/local/src/" >>instalando_samba4.sh 268 vim instalando_samba4.sh 269 echo "./configure --enable-debug --enable-selftest " >>instalando_samba4.sh 270 #make install 271 vim instalando_samba4.sh 272 #echo "./configure --enable-debug --enable-selftest " >>instalando_samba4.sh 273 s 274 vim instalando_samba4.sh 275 clear 276 ls 277 cat 1 278 rm -f 1 279 ls 280 cat instal 281 date 282 cat instalando_samba4.sh 283 vim instalando_samba4.sh 284 ls 285 clear 286 ls 287 shutdown -h now 288 ifconfig 289 iptables -L 290 service iptables stop 291 service sshd status 292 ls 293 clear 294 ls 295 history SCRIPT para instalao do SAMBA 4 #!/bin/bash #

# Variaveis do sistema # # PACOTES NECESSARIOS PARA A INSTALAAO DO SAMBA 4 ( CENTOS 6.4 ) pacotes="compat-glibc-headers cups-devel cyrus-sasl-devel gcc gdb gnutls-devel kernel-devel keyutils-libs-devel krb5-workstation libacldevel libaio-devel libattr-devel libblkid-devel libcap-devel libidn-devel libpcap-devel libsemanage-python libsepol-devel libtirpc-devel libxml2-devel libxslt openldap-devel pam-devel pkgconfig policycoreutils-python popt-devel python-devel readline-devel setoolslibs setools-libs-python setroubleshoot-plugins setroubleshoot-server sqlite-devel zlib-devel vim wget" instalar=" " for i in $pacotes do echo "Pesquisando pacote $i" resultado=`rpm -qa |grep $i` if test -z "$resultado" ; then echo "Pacote nao Instalado : $i " # CASO O PACOTE NAO EXISTA REALIZA A INSTALAAO instalar="$i $instalar" #um -y $i fi done # Executando a instalacao dos pacotes necessarios para o Samba if test -z "$instalar";then echo "Executando a instalacao dos pacotes" echo $instalar read z yum -y $instalar fi # Download Samba4 echo "Efetuando o Download " cd /opt wget -c http://ftp.samba.org/pub/samba/samba-latest.tar.gz echo "Descompactando" tar xzf samba-latest.tar.gz -C /usr/local/src/ echo "Instalando o Samba 4" cd /usr/local/src/samba* make && make install ./configure --enable-debug --enable-selftest

[root@dominio01 bin]# ./samba-tool domain provision Realm [CCB.ORG.BR]: ccb.org.br Domain [ccb]: ccb Server Role (dc, member, standalone) [dc]: dc DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [192.168.122.1]: Administrator password: Retype password: Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=ccb,DC=org,DC=br Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=ccb,DC=org,DC=br Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Once the above files are installed, your Samba4 server will be ready to use Server Role: active directory domain controller Hostname: dominio01 NetBIOS Domain: CCB

DNS Domain: DOMAIN SID:

ccb.org.br S-1-5-21-3703885753-632100921-3966294513

[root@dominio01 bin]# /usr/local/samba/sbin/samba [root@dominio01 bin]# netstat -lntup|grep samba tcp 0 0 0.0.0.0:135 0.0.0.0:* 1508/samba tcp 0 0 0.0.0.0:464 0.0.0.0:* 1514/samba tcp 0 0 0.0.0.0:53 0.0.0.0:* 1520/samba tcp 0 0 0.0.0.0:88 0.0.0.0:* 1514/samba tcp 0 0 0.0.0.0:636 0.0.0.0:* 1511/samba tcp 0 0 0.0.0.0:1024 0.0.0.0:* 1508/samba tcp 0 0 0.0.0.0:3268 0.0.0.0:* 1511/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* 1511/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* 1511/samba udp 0 0 192.168.122.202:137 0.0.0.0:* 1509/samba udp 0 0 192.168.122.255:137 0.0.0.0:* 1509/samba udp 0 0 0.0.0.0:137 0.0.0.0:* 1509/samba udp 0 0 192.168.122.202:138 0.0.0.0:* 1509/samba udp 0 0 192.168.122.255:138 0.0.0.0:* 1509/samba udp 0 0 0.0.0.0:138 0.0.0.0:* 1509/samba udp 0 0 0.0.0.0:53 0.0.0.0:* 1520/samba udp 0 0 192.168.122.202:464 0.0.0.0:* 1514/samba udp 0 0 0.0.0.0:464 0.0.0.0:* 1514/samba udp 0 0 192.168.122.202:88 0.0.0.0:* 1514/samba udp 0 0 0.0.0.0:88 0.0.0.0:* 1514/samba udp 0 0 192.168.122.202:389 0.0.0.0:* 1512/samba udp 0 0 0.0.0.0:389 0.0.0.0:* 1512/samba

OUA OUA OUA OUA OUA OUA OUA OUA OUA

Verificando o dominio
[root@dominio01 bin]# ./smbclient -L localhost -U% Domain=[CCB] OS=[Unix] Server=[Samba 4.0.9] Sharename Type Comment -----------------netlogon Disk sysvol Disk IPC$ IPC IPC Service (Samba 4.0.9) Domain=[CCB] OS=[Unix] Server=[Samba 4.0.9] Server --------Workgroup --------Comment ------Master -------

Colocando as coisas no seu devido lugar

#!/bin/bash # Comandos do Samba 4 no path do sistema # Copyright 2013 Jose Carlos Rocha <jcr0ch4@gmail.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. # # Colocando os comandos do Samba 4 no path do sistema export PATH="/usr/local/samba/bin:/usr/local/samba/sbin:${PATH}"

[root@dominio01 ~]# source /etc/profile.d/samba4.sh [root@dominio01 ~]# samba -V Version 4.0.9

Script para iniciar o samba 4

[root@dominio01 init.d]# cat samba4

#!/bin/bash # # samba4 This shell script takes care of starting and stopping # samba4 daemons. # # chkconfig: - 58 74 # description: Samba 4.0 will be the next version of the Samba suite # and incorporates all the technology found in both the Samba4 alpha # series and the stable 3.x series. The primary additional features # over Samba 3.6 are support for the Active Directory logon protocols # used by Windows 2000 and above. ### BEGIN INIT INFO # Provides: samba4 # Required-Start: $network $local_fs $remote_fs # Required-Stop: $network $local_fs $remote_fs # Should-Start: $syslog $named # Should-Stop: $syslog $named # Short-Description: start and stop samba4 # Description: Samba 4.0 will be the next version of the Samba suite # and incorporates all the technology found in both the Samba4 alpha # series and the stable 3.x series. The primary additional features # over Samba 3.6 are support for the Active Directory logon protocols # used by Windows 2000 and above. ### END INIT INFO # Source function library. . /etc/init.d/functions # Source networking configuration. . /etc/sysconfig/network prog=samba prog_dir=/usr/local/samba/sbin/ lockfile=/var/lock/subsys/$prog start() { [ "$NETWORKING" = "no" ] && exit 1 # [ -x /usr/sbin/ntpd ] || exit 5 # Start daemons. echo -n $"Starting samba4: " daemon $prog_dir/$prog -D RETVAL=$? echo [ $RETVAL -eq 0 ] && touch $lockfile return $RETVAL

} stop() {

[ "$EUID" != "0" ] && exit 4 echo -n $"Shutting down samba4: " killproc $prog_dir/$prog RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f $lockfile return $RETVAL

# See how we were called. case "$1" in start) start ;; stop) stop ;; status) status $prog ;; restart) stop start ;; reload) echo "Not implemented yet." exit 3 ;; *) echo $"Usage: $0 {start|stop|status|restart|reload}" exit 2 esac

Pos criao do Script

[root@dominio01 init.d]# chmod 755 samba4 [root@dominio01 init.d]# chkconfig --add samba4 [root@dominio01 init.d]# chkconfig samba4 on [root@dominio01 init.d]# service samba4 status samba (pid 1520 1519 1518 1517 1516 1515 1514 1512 1511 1510 1509 1508 1507 1506) est em execuo...

Testando DNS [root@dominio01 init.d]# host -t SRV _ldap._tcp.ccb.org.br _ldap._tcp.ccb.org.br has SRV record 0 100 389 dominio01.ccb.org.br. [root@dominio01 init.d]# host -t SRV _kerberos._udp.ccb.org.br _kerberos._udp.ccb.org.br has SRV record 0 100 88 dominio01.ccb.org.br. Verificando o Kerberos [root@dominio01 init.d]# rpm -qa |grep krb5 krb5-devel-1.10.3-10.el6_4.4.i686 krb5-libs-1.10.3-10.el6_4.4.i686 krb5-workstation-1.10.3-10.el6_4.4.i686 Configurando o Kerberos Apenas os itens em negrito devem ser alterados. [root@dominio01 etc]# vim /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = CCB.ORG.BR dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] EXAMPLE.COM = { kdc = kerberos.example.com admin_server = kerberos.example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM Testando a autenticao [root@dominio01 etc]# kinit administrator@CCB.ORG.BR Password for administrator@CCB.ORG.BR: Warning: Your password will expire in 41 days on Fri Oct 25 15:43:08 2013 Verificando as credenciais [root@dominio01 etc]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator@CCB.ORG.BR Valid starting Expires Service principal 09/13/13 15:18:33 09/14/13 01:18:33 krbtgt/CCB.ORG.BR@CCB.ORG.BR renew until 09/20/13 15:18:29

Time Server ( NTP ) Instalando o servidor e o cliente

[root@dominio01 etc]# yum -y install ntp ntpdate Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.globo.com * extras: mirror.globo.com * updates: mirror.globo.com Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package ntp.i686 0:4.2.4p8-3.el6.centos will be installed ---> Package ntpdate.i686 0:4.2.4p8-3.el6.centos will be installed --> Finished Dependency Resolution Dependencies Resolved ==================================================================================================================================== ======================== Package Arch Version Repository Size ==================================================================================================================================== ======================== Installing:

ntp 436 k ntpdate 57 k

i686 i686

4.2.4p8-3.el6.centos 4.2.4p8-3.el6.centos

base base

Transaction Summary ==================================================================================================================================== ======================== Install 2 Package(s) Total download size: 493 k Installed size: 1.2 M Downloading Packages: (1/2): ntp-4.2.4p8-3.el6.centos.i686.rpm | 436 kB 00:00 (2/2): ntpdate-4.2.4p8-3.el6.centos.i686.rpm | 57 kB 00:00 ----------------------------------------------------------------------------------------------------------------------------------------------------------Total 1.0 MB/s | 493 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : ntpdate-4.2.4p8-3.el6.centos.i686 1/2 Installing : ntp-4.2.4p8-3.el6.centos.i686 2/2 Verifying : ntpdate-4.2.4p8-3.el6.centos.i686 1/2 Verifying : ntp-4.2.4p8-3.el6.centos.i686 2/2 Installed: ntp.i686 0:4.2.4p8-3.el6.centos Complete! ntpdate.i686 0:4.2.4p8-3.el6.centos

Configurando o servidor de Horas ( TimeServer ) Edite o arquivo /etc/ntp.conf, e execute as alteraes como mostrado abaixo. # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). # # # # Linhas comentadas server 0.centos.pool.ntp.org server 1.centos.pool.ntp.org server 2.centos.pool.ntp.org

# Linhas adicionadas server a.ntp.br server b.ntp.br server c.ntp.br Integrao TimeServer com Samba4 No final do arquivo ntp.conf incluir as linhas abaixo. # INTEGRACAO COM O SAMBA4 ntpsigndsocket /usr/local/samba/var/lib/ntpsignd/ restrict default mssntp Colocando pra funcionar [root@dominio01 etc]# ntpdate -b a.ntp.br 13 Sep 12:30:03 ntpdate[1756]: step time server 200.160.0.8 offset -10798.714789 sec [root@dominio01 etc]# service ntpd start Iniciando o ntpd: [ OK ]

[root@dominio01 etc]# chkconfig ntpd on