At the end, you'll have two samba daemons running, sharing files in each Domain.
Get the latest Ubuntu, because:
- It uses ext4 natively - believe me, you'll love ext4 for fast backup copies!
- There is always a recent samba version available via apt-get
- It worked for me (tested with ubuntu-9.10-server-amd64)
- Get and burn the iso to a CD and boot the PC into it
- Choose only "basic install" - we will get the rest via "apt-get install"
- Update System:
apt-get update
apt-get upgrade - Get packages:
apt-get install krb5-config krb5-user libkrb53 libpam-krb5
apt-get install samba-common samba winbind smbclient
apt-get install ntpdate - Become root.
- Stop Samba and Winbind:
/etc/init.d/samba stop
/etc/init.d/winbind stop - Edit the former two scripts to never start Samba again:
In each script, find the line "### END INIT INFO" and insert this line below it:
exit 0; - Make samba instances for every domain (in my case, alfa and paula) you want to join, using softlinks:
cd /usr/sbin/
ln -s smbd smbd.alfa
ln -s smbd smbd.paula
ln -s nmbd nmbd.alfa
ln -s nmbd nmbd.paula
ln -s winbindd winbindd.alfa
ln -s winbindd winbindd.paula - Adding a secondary interface:
As we cannot change the port Samba listens on, each instance needs its own IP address, so we add a second (alias) interface.
eth0 is the primary interface; in my case 10.0.0.14
with the next line, we create a secondary IP:
/sbin/ifconfig eth0:0 10.0.0.21 netmask 255.255.255.0 - Updating /etc/hosts
10.0.0.21 srvalfa.alfa.local srvalfa
10.0.0.14 srvpaula.paula.local srvpaula
- Configuring samba: Leave smb.conf as it is; you won't need it
- Create two configuration files:
/etc/smbalfa.conf
/etc/smbpaula.conf - In each of the configuration files you configure one of the domains.
In /etc/smbalfa.conf, the important parts are:
# Global settings of the Samba instance that serves the ALFA domain
# (/etc/smbalfa.conf, passed to the daemons with -s).
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will be part of
workgroup = ALFA
realm = ALFA.LOCAL
netbios name = SRVALFA
# State directories specific to this instance, so the two daemon sets do not
# share pid files, locks or databases.
# NOTE(review): private dir is where Samba keeps its secrets database (the
# machine account credentials written by "net ads join"). Here it is the same
# path as the lock directory - confirm that the directory and its contents are
# not readable by unprivileged users, or give private dir its own root-only
# directory.
pid directory = /var/run/sambaalfa
lock directory = /var/cache/sambaalfa
private dir = /var/cache/sambaalfa
# Member server in an Active Directory realm (see "realm" above).
security = ADS
# Domain users are always referred to with their domain prefix.
winbind use default domain = no
# Unix uid/gid range that winbind may assign to domain users and groups.
# NOTE(review): the second instance is presumably configured with the same
# range. Each winbindd keeps its own mapping database, so the same Unix id
# could be handed to different users in the two domains, and file ownership
# would then cross the domain boundary - consider disjoint ranges per instance.
# NOTE(review): the range starts at 600; verify it does not overlap the uids
# and gids of local accounts in /etc/passwd and /etc/group.
idmap uid = 600-20000
idmap gid = 600-20000
template shell = /bin/bash
winbind expand groups = 10
inherit permissions = yes
# Members of this group perform all file operations as root on the shares that
# inherit this setting - keep the group small and review its membership.
admin users = @ALFA\"domain admins"
hide files = /~*/Thumbs.db/desktop.ini/ntuser.ini/NTUSER.*/SMax.*/
veto files = /lost+found/
# Users from domains trusted by ALFA are accepted as well.
# NOTE(review): confirm that this is intended.
allow trusted domains = yes
# No printers on this host
show add printer wizard = no
disable spoolss = yes
load printers = no
printing = bsd
printcap name = /dev/null
# No usershares here
usershare max shares = 0
# By default no guests and invisible
browseable = no
guest ok = no
# server string is the equivalent of the NT Description field
server string = SRVALFA
#### Networking ####
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
# 10.0.0.21 is the secondary address (eth0:0) reserved for this instance.
interfaces = 10.0.0.21
# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
bind interfaces only = yes
- Differences in the other domain's config file, "smbpaula.conf":
Basically, replace every "ALFA" with "PAULA" and every "alfa" with "paula", and make sure that exactly one of the instances also listens on 127.0.0.1:
workgroup = PAULA
realm = PAULA.LOCAL
netbios name = SRVPAULA
pid directory = /var/run/sambapaula
lock directory = /var/cache/sambapaula
private dir = /var/cache/sambapaula
admin users = @PAULA\"domain admins"
server string = SRVPAULA
interfaces = 127.0.0.1, 10.0.0.14
log file = /var/log/sambapaula/log - Kerberos configuration. Make sure you have the two Windows Domains in there:
[libdefaults]
default_realm = PAULA.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
PAULA.LOCAL = {
kdc = beta2002.paula.local
admin_server = beta2002.paula.local
default_domain = paula.local
}
ALFA.LOCAL = {
kdc = alfa2001.alfa.local
admin_server = alfa2001.alfa.local
default_domain = alfa.local
}
[domain_realm]
.kerberos.server = PAULA.LOCAL
.paula.pt = PAULA.LOCAL
.alfa.local = ALFA.LOCAL - Edit /etc/pam.d/
Add this line to common-auth:
auth optional pam_smbpass.so migrate
If there is no "common-auth" file, create one with the following contents:
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_smbpass.so migrate - Prepare winbindd instance environments:
mkdir -p /var/cache/sambaalfa/winbindd_privileged
chgrp winbindd_priv /var/cache/sambaalfa/winbindd_privileged
chmod 0750 /var/cache/sambaalfa/winbindd_privileged
mkdir -p /var/cache/sambapaula/winbindd_privileged
chgrp winbindd_priv /var/cache/sambapaula/winbindd_privileged
chmod 0750 /var/cache/sambapaula/winbindd_privileged
ln -s /var/cache/sambaalfa /var/run/sambaalfa
ln -s /var/cache/sambapaula /var/run/sambapaula - Start the two winbind instances:
/usr/sbin/winbindd.paula -D -s /etc/smbpaula.conf -l /var/log/sambapaula
/usr/sbin/winbindd.alfa -D -s /etc/smbalfa.conf -l /var/log/sambaalfa - Join the ALFA domain:
net ads join -U administrator -s /etc/smbalfa.conf - Join the PAULA domain:
net ads join -U administrator -s /etc/smbpaula.conf - Start the two samba instances:
/usr/sbin/smbd.paula -D -s /etc/smbpaula.conf -l /var/log/sambapaula
/usr/sbin/nmbd.paula -D -s /etc/smbpaula.conf -l /var/log/sambapaula
/usr/sbin/smbd.alfa -D -s /etc/smbalfa.conf -l /var/log/sambaalfa
/usr/sbin/nmbd.alfa -D -s /etc/smbalfa.conf -l /var/log/sambaalfa - To reload the config files, do
killall -HUP smbd.alfa
killall -HUP smbd.paula - I have created a /etc/rc.local file, which does all this on startup:
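# Boot-time start of the two per-domain Samba instances (body of /etc/rc.local).
#
# Order of operations:
#   1. add the secondary IP address used by the ALFA instance
#   2. install the packet filter rule for TCP 139
#   3. create each instance's state directory and pid-directory link
#   4. start winbindd, smbd and nmbd for PAULA, then for ALFA
#
# Must run as root. The functions are plain POSIX sh so the script also works
# when rc.local is interpreted by /bin/sh.

# Secondary address on eth0; smbalfa.conf binds the ALFA daemons to it.
/sbin/ifconfig eth0:0 10.0.0.21 netmask 255.255.255.0

# Blocking port 139 as we only use 445.
# The rule goes in before any daemon is started, so TCP 139 is never reachable
# during the start-up pauses further down.
iptables -I INPUT 1 -p tcp --dport 139 -j DROP

# Create the state directory of one instance and link its pid directory to it.
#   $1 - instance name (alfa or paula)
# NOTE(review): per the smb*.conf files this directory is also the instance's
# private dir, i.e. Samba's secrets database lives here - confirm that its
# permissions keep unprivileged users out.
prepare_instance() {
  mkdir -p "/var/cache/samba$1/winbindd_privileged"
  chgrp winbindd_priv "/var/cache/samba$1/winbindd_privileged"
  chmod 0750 "/var/cache/samba$1/winbindd_privileged"
  # -f replaces a link left over from an earlier run; -n keeps ln from
  # following such a link and creating the new one inside its target.
  ln -sfn "/var/cache/samba$1" "/var/run/samba$1"
}

# Start winbindd, then smbd and nmbd, for one instance.
#   $1 - instance name (alfa or paula)
# The pauses are kept from the original script; presumably they give winbindd
# time to come up before smbd and nmbd need it.
start_instance() {
  "/usr/sbin/winbindd.$1" -D -s "/etc/smb$1.conf" -l "/var/log/samba$1"
  sleep 2
  "/usr/sbin/smbd.$1" -D -s "/etc/smb$1.conf" -l "/var/log/samba$1"
  "/usr/sbin/nmbd.$1" -D -s "/etc/smb$1.conf" -l "/var/log/samba$1"
  sleep 2
}

prepare_instance alfa
prepare_instance paula

# The daemons must not inherit a per-session temp directory from the caller.
unset TMP TMPDIR
sleep 2

start_instance paula
start_instance alfa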
exit 0
- Test connectivity to the two instances with smbclient before trying Windows.
- Windows insists on memorizing samba details. Try to log out and to log in again before (re-)trying to connect to a new or changed samba share!