<pre> sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config setenforce 0 systemctl disable firewalld –now echo «`hostname -I` `hostname` `hostname -s`» » /etc/hosts </pre> <pre> dnf install epel-release -y dnf install mc htop -y dnf groups -y install «Development Tools» dnf -y install dbus-devel iniparser python36-devel gnutls-devel libacl-devel openldap-devel pam-devel readline-devel krb5-devel cups-devel lmdb lmdb-devel jansson-devel gpgme-devel libarchive-devel krb5-workstation perl-Parse-Yapp rpcgen libtirpc-devel python3-dns python3-cryptography python3-pyasn1 python3-markdown –enablerepo=powertools </pre>
<pre> curl -O https://download.samba.org/pub/samba/stable/samba-4.13.6.tar.gz tar zxvf samba-4.13.6.tar.gz cd samba-4.13.6 </pre>
<pre> ./configure \ –prefix=/usr \ –localstatedir=/var \ –with-configdir=/etc/samba \ –libdir=/usr/lib64 \ –with-modulesdir=/usr/lib64/samba \ –with-pammodulesdir=/lib64/security \ –with-lockdir=/var/lib/samba \ –with-logfilebase=/var/log/samba \ –with-piddir=/run/samba \ –with-privatedir=/etc/samba \ –enable-cups \ –with-acl-support \ –with-ads \ –with-automount \ –enable-fhs \ –with-pam \ –with-quotas \ –with-shared-modules=idmap_rid,idmap_ad,idmap_hash,idmap_adex \ –with-syslog \ –with-utmp \ –with-dnsupdate \ –enable-selftest –with-ads –with-systemd –with-winbind </pre>
<pre> make make install </pre>
<pre> mv /etc/samba/smb.conf /etc/samba/smb.conf.bak mv /etc/krb5.conf /etc/krb5.conf.bak </pre>
<pre> cat « EOF > /usr/lib/systemd/system/samba.service [Unit] Description=Samba AD Daemon Wants=network-online.target After=network.target network-online.target rsyslog.service
[Service] Type=forking PIDFile=/run/samba/samba.pid LimitNOFILE=16384 ExecStart=/usr/sbin/samba –daemon ExecReload=/bin/kill -HUP \$MAINPID
[Install] WantedBy=multi-user.target EOF
systemctl enable samba </pre>
* вторичный контроллер
<pre> cat « EOF > /etc/krb5.conf [libdefaults]
dns_lookup_realm = false dns_lookup_kdc = true default_realm = AUGIN.RU
EOF
</pre> <pre> kinit administrator </pre> <pre> klist </pre> <pre> samba-tool domain join augin.ru DC -U«AUGIN\administrator» –dns-backend=SAMBA_INTERNAL </pre> systemctl start samba
* новый домен <pre> samba-tool domain provision –use-rfc2307 –interactive </pre>
<pre> cp /etc/samba/krb5.conf /etc/ nmcli connection modify eth0 ipv4.dns 127.0.0.1 nmcli connection down eth0; nmcli connection up eth0 </pre>
<pre>
# show domain level [root@smb ~]# samba-tool domain level show Domain and forest function level for domain 'DC=srv,DC=world'
Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2008 R2
# add a domain user [root@smb ~]# samba-tool user create cent New Password: # set password Retype Password: User 'cent' created successfully </pre>