+ Responder ao Tópico



  1. #1

    Padrão Problema para configurar corretamente o samba4 como DC

    Olá pessoal, estou tentando configurar o samba4 no ubuntu 14.04 e estou enfrentado alguns problemas o qual não sei como resolver.

    Kerberos Teste:
    [email protected]:/usr/local/samba/bin# kinit [email protected]
    kinit: Cannot contact any KDC for realm 'CCBSUMARE.LOCAL' while getting initial credentials

    O outro problema é com DNS Backend: BIND9_DLZ pois estou usando esta opção e não SAMBA_INTERNAL, e em todos tutoriais que encontrei tenho que fazer esta configuração abaixo.

    sudo nano /etc/bind/named.conf
    include "/usr/local/samba/private/named.conf";

    sudo nano /usr/local/samba/private/named.conf
    dlz "AD DNS Zone" {
    # For BIND 9.8.0
    # database "dlopen /usr/local/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.0
    database "dlopen /usr/local/samba/bind9/dlz_bind9_9.so";
    };

    Mas quando restarto o bind9 da erro justamente devido o comentario acima.

    [email protected]:/usr/local/samba/bin# tail -f /var/log/syslog
    Jan 3 11:34:34 srv-01 named[5202]: listening on IPv4 interface eth0, 192.168.0.3#53
    Jan 3 11:34:35 srv-01 named[5202]: generating session key for dynamic DNS
    Jan 3 11:34:35 srv-01 named[5202]: sizing zone task pool based on 6 zones
    Jan 3 11:34:35 srv-01 named[5202]: Loading 'AD DNS Zone' using driver dlopen
    Jan 3 11:34:35 srv-01 named[5202]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb
    Jan 3 11:34:35 srv-01 named[5202]: dlz_dlopen of 'AD DNS Zone' failed
    Jan 3 11:34:35 srv-01 named[5202]: SDLZ driver failed to load.
    Jan 3 11:34:35 srv-01 named[5202]: DLZ driver failed to load.
    Jan 3 11:34:35 srv-01 named[5202]: loading configuration: failure
    Jan 3 11:34:35 srv-01 named[5202]: exiting (due to fatal error)

    Este aquivo tem esta permissão
    [email protected]:/usr/local/samba/bin# ls -la /usr/local/samba/private/dns/sam.ldb
    -rw-rw---- 1 root bind 3014656 Jan 2 00:11 /usr/local/samba/private/dns/sam.ldb

    Verificando o arquivo sam.ldb seu conteúdo trata do próprio dominio do AD CCBSUMARE.

    TDB file
    ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@m^Y^A&^P'^@^@^@^@^@^@^@^@^@^@^@^@^@^@^M�}� ��:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@$
    ^@^@^@uSNCreated^@
    ^@^@^@uSNChanged^@^Q^@^@^@userPrincipalName^@^R^@^@^@userAccountControl^@^G^@^@^@uNCName^@ ^@^@^@uidNumber^@^L^@^@^@trustPartner^@^M^@^@^@timeVolChange^@^N^@^@^@terminalServer^@^B^@^@^@sn^@
    ^@^@^@sIDHistory^@^V^@^@^@showInAdvancedViewOnly^@^T^@^@^@servicePrincipalName^@^P^@^@^@serviceClassName^@^N^@^@^@sAMAccountType^@^N^@^@^@sAMAccountName^@^S^@^@^@rpcNsTransferSyntax^@^M^@^@^@rpcNsObjectID$
    ^@^@^@objectGUID^@^K^@^@^@objectClass^@^N^@^@^@objectCategory^@^K^@^@^@netbootGUID^@^K^@^@^@nETBIOSName^@^N^@^@^@msTSProperty02^@^N^@^@^@msTSProperty01^@^O^@^@^@msTSManagingLS4^@^O^@^@^@msTSManagingLS3^@^$
    ^@^@^@fromServer^@^H^@^@^@flatName^@^O^@^@^@fileExtPriority^@^D^@^@^@mail^@^M^@^@^@dNSTombstoned^@^G^@^@^@dnsRoot^@^K^@^@^@displayName^@^H^@^@^@dhcpType^@^B^@^@^@cn^@
    ^@^@^@cOMClassID^@^M^@^@^@birthLocation^@^U^@^@^@altSecurityIdentities^@@IDXONE^@^A^@^@^@^A^@^@^@1^@@IDXVERSION^@^A^@^@^@^A^@^@^@2^@BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB$
    ^@^@^@unicodePwd^@^L^@^@^@ntPwdHistory^@^L^@^@^@lmPwdHistory^@^W^@^@^@supplementalCredentials^@
    ^@^@^@priorValue^@^L^@^@^@currentValue^@^Q^@^@^@trustAuthOutgoing^@^Q^@^@^@trustAuthIncoming^@^S^@^@^@initialAuthOutgoing^@^S^@^@^@initialAuthIncoming^@^G^@^@^@pekList^@^Z^@^@^@msDS-ExecuteScriptPassword^$
    ^@^@^@@INDEXLIST^@^H^@^@^@@OPTIONS^@partition^@^E^@^@^@9^@^@^@DC=CCBSUMARE,DC=LOCAL:sam.ldb.d/DC=CCBSUMARE,DC=LOCAL.ldb^@[^@^@^@CN=CONFIGURATION,DC=CCBSUMARE,DC=LOCAL:sam.ldb.d/CN=CONFIGURATION,DC=CCBSUMA$
    ^@^@^@@ROOTDSE^@configurationNamingContext^@^A^@^@^@&^@^@^@CN=Configuration,DC=ccbsumare,DC=local^@defaultNamingContext^@^A^@^@^@^U^@^@^@DC=ccbsumare,DC=local^@dsServiceName^@^A^@^@^@p^@^@^@CN=NTDS Settin$
    ^@^@^@samba_dsdb^@BBBBBBBBBBBBBB`^@^@^@��^@^@H�,^@^@^@^@^@^@^@^@^@^@^@^@^@f���BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB$


    Ainda assim instalei Instalei RSAT no Windows 7 prof. para gerenciar o AD. e apesar dos erros acima o Samba4 esta funcionando + ou -, pois consigo subir o AD e introduzir uma maquina Windows 7 prof, criar usuarios, grupo e OU.

    Mas creio que para deixa-lo funcional teria que resolver este dois problemas que reportei e por isso preciso muito da ajuda do pessoal que já tem ele funcionando corretamente.

    Abraço

  2. #2

    Padrão Re: Problema para configurar corretamente o samba4 como DC

    Bom gente descobri o problema do Kerberos, o arquivo krb5.conf que o próprio Samba 4 cria na instalação fica incompleto.

    O arquivo krb5.conf do Samba4

    [libdefaults]
    default_realm = CCBSUMARE.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = true

    Este oe o arquivo que funciuonou depois que complementei com mais informação

    [libdefaults]
    default_realm = CCBSUMARE.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = true

    [realms]
    CCBSUMARE.LOCAL = {
    kdc = srv-pdc1.ccbsumare.local:88
    #admin_server = srv-pdc1.ccbsumare.local
    default_domain = ccbsumare.local
    }

    [domain_realm]
    .ccbsumare.local = CCBSUMARE.LOCAL
    ccbsumare.local = CCBSUMARE.LOCAL

    Agora o Samba funcionando uma beleza, testei GPO, script de mapeamento, Criação de Pasta Base dos usuários automático etc.

    Abraço