Ambiente
Sistema Operacional: Debian 11 Netinst
IP: 192.168.0.5 / 24
Gateway: 192.168.0.1
Domínio: DOMAIN.INTRA
Requisito: SSH
Atenção: altere os valores destacados em VERMELHO (as variáveis do primeiro bloco do script) de acordo com seu ambiente.
Copiar e colar no SSH:
################################
## Change these to match your environment #
################################
# NOTE: despite the names, dc_domain holds the upper-case form (used for the
# hostname, /etc/hosts, the resolv.conf search line and the kinit principal)
# and dc_domain_realm holds the lower-case DNS form (passed to --realm and
# used for dns-search and the SRV lookups).
dc_domain=DOMAIN.INTRA
dc_domain_realm=domain.intra
# Short domain name; passed to samba-tool --domain and written to resolv.conf.
domain=DOMAIN
# Sample value only: this becomes the initial Administrator password
# (--adminpass) and is later piped to smbclient and kinit. Replace it before
# pasting; once pasted it remains in the terminal scrollback and in this
# shell session as $pass. Single quotes keep the `$$` literal.
pass='P@$$w0rd'
gateway=192.168.0.1
################################
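## Install the required packages.
# Each install command runs once; the page listed both of them twice.
# dnsutils provides `host` and ntp provides `ntpq`, both used by the checks at
# the end of the script.
apt install -y samba winbind wget dnsutils sudo smbclient ntp
# DEBIAN_FRONTEND=noninteractive keeps the krb5-user package from stopping the
# pasted script on its configuration prompts; /etc/krb5.conf is replaced later
# with the file Samba generates.
sudo DEBIAN_FRONTEND=noninteractive apt install -y krb5-user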
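## Set the server hostname to <current hostname>.<domain>.
# $HOSTNAME is the value bash captured when this shell started, so it keeps the
# old name for the rest of this session. In a new shell it would already carry
# the domain suffix, so running this line a second time appends the suffix
# again.
hostnamectl set-hostname "$HOSTNAME.$dc_domain"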
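## Back up /etc/network/interfaces and append the DNS options.
cp /etc/network/interfaces /etc/network/interfaces.bkp
# Appended once: the page repeated this here-document, which would write the
# same four lines into the file twice.
# NOTE(review): dns-* options belong to the iface stanza they follow and are
# only consumed when the resolvconf package is installed - confirm both for
# the target host.
# 8.8.8.8 is a public resolver; use the organisation's own resolver instead if
# internal lookups must not leave the network.
cat >> /etc/network/interfaces << EOL
dns-search $dc_domain_realm
dns-nameservers 127.0.0.1
dns-nameservers 8.8.8.8
dns-nameservers $gateway
EOL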
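## Back up /etc/hosts and write a new one.
mv /etc/hosts /etc/hosts.bkp
# Written once: the page repeated this here-document.
# NOTE(review): Samba's AD DC setup guidance is that the DC's FQDN and short
# name resolve to the LAN address (192.168.0.5 in this page's example
# environment), not to 127.0.0.1. As written, the FQDN maps to loopback;
# confirm this is intended before joining clients.
cat > /etc/hosts << EOL
127.0.0.1 $HOSTNAME.$dc_domain $HOSTNAME localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOL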
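## Back up /etc/resolv.conf and write a new one.
mv /etc/resolv.conf /etc/resolv.conf.bkp
# Written once: the page repeated this here-document.
# 127.0.0.1 is listed first so that lookups go to the DC's own DNS service once
# samba-ad-dc is running; the gateway is the fallback.
# NOTE(review): `domain` and `search` are mutually exclusive in resolv.conf and
# the last one wins, so the `search` line is the effective one. `domain` is
# given the short name ($domain), not a DNS domain - confirm it is needed.
cat > /etc/resolv.conf << EOL
nameserver 127.0.0.1
nameserver $gateway
domain $domain
search $dc_domain
EOL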
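# Stop and disable the stand-alone file-server daemons and systemd-networkd
# before configuring Samba as a domain controller. Each command runs once; the
# page repeated the disable/stop lines.
# NOTE(review): winbind is not stopped here; the script only stops it after
# provisioning and never disables it.
systemctl stop smbd nmbd
systemctl disable smbd nmbd
systemctl stop systemd-networkd
systemctl disable systemd-networkd
## Move the packaged smb.conf aside so the provisioning step writes a new one.
mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp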
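## Back up /etc/ntp.conf and append the settings Samba needs.
# The original heading promised a backup but never made one.
cp /etc/ntp.conf /etc/ntp.conf.bkp
# Appended once. The page repeated the here-document body without its `cat`
# line, so those lines (and a bare `EOL`) would have been run as shell commands.
# `ntpsigndsocket` points ntpd at Samba's signing socket and `mssntp` on the
# default restriction lets it answer the signed time requests sent by domain
# members.
cat >> /etc/ntp.conf << EOL
# Relogio Local
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# Configurações adicionais para o Samba 4
ntpsigndsocket /var/lib/samba/ntp_signd/
restrict default mssntp
disable monitor
EOL
## Give the ntp group access to the signing socket directory and nobody else.
# NOTE(review): assumes the directory already exists at this point; if it is
# only created by provisioning, move these two lines after that step.
sudo chown root:ntp /var/lib/samba/ntp_signd/
sudo chmod 750 /var/lib/samba/ntp_signd/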
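## Provision the domain with Samba's internal DNS backend.
# Expansions are quoted so that a password containing spaces or glob
# characters reaches samba-tool as a single argument.
# --adminpass puts the password in this command's argument list, where other
# local users can read it from the process table while the command runs. Treat
# the value as temporary and set the real Administrator password afterwards
# with `samba-tool user setpassword administrator`, which prompts for it.
samba-tool domain provision --use-rfc2307 --server-role=dc --dns-backend=SAMBA_INTERNAL --realm="$dc_domain_realm" --domain="$domain" --adminpass="$pass"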
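## Enable and start the Samba AD DC service.
# The page repeated several of these lines; the sequence below keeps each
# distinct step once, in the original order.
systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl start samba-ad-dc
# NOTE(review): the stand-alone winbind unit is only stopped, not disabled, so
# it may start again at boot - confirm whether it should be disabled together
# with smbd and nmbd.
systemctl stop winbind
# Restart the DC service now that stand-alone winbind is out of the way.
systemctl stop samba-ad-dc
systemctl start samba-ad-dc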
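## Point the DNS forwarder in smb.conf at an upstream resolver.
# Runs once (the page repeated the line). The dots in the address are escaped
# so the pattern matches only the literal 127.0.0.1. The new value is picked
# up when samba-ad-dc is restarted later in the script.
# 8.8.8.8 is a public resolver: every name the DC cannot answer itself is
# forwarded there. Use an internal resolver if that is not acceptable.
sudo sed -i 's/dns forwarder = 127\.0\.0\.1/dns forwarder = 8.8.8.8/g' /etc/samba/smb.conf
## Set the Administrator account's password to never expire.
# A non-expiring password on the most privileged account is a trade-off:
# compensate with a long, unique password and keep this account for break-glass
# use rather than daily administration.
samba-tool user setexpiry administrator --noexpiry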
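## List the domain's shares.
# -N sends no password, so this shows what a client without a password can
# enumerate on the DC.
smbclient -L localhost -N
## Check authenticated access to the netlogon share.
# The password goes in on stdin rather than on the command line. printf is
# used instead of echo so that a value beginning with `-` is not parsed as an
# echo option.
printf '%s\n' "$pass" | smbclient //localhost/netlogon -U Administrator -c 'ls'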
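## Back up /etc/krb5.conf and install the one generated by Samba.
mv /etc/krb5.conf /etc/krb5.conf.bkp
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
## Append the DNS-domain-to-realm mappings to krb5.conf.
# Appended once. The page repeated the here-document body without its `cat`
# line, so those lines (and a bare `EOL`) would have been run as shell commands.
# NOTE(review): these two lines have the form used under a [domain_realm]
# section, but no section header is written here; they land in whichever
# section ends the copied file - confirm against the generated krb5.conf.
cat >> /etc/krb5.conf << EOL
.$dc_domain_realm = $dc_domain
$dc_domain_realm = $dc_domain
EOL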
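## Reload the Samba configuration and restart the dependent services.
# Each restart runs once; the page listed the three restart lines twice.
smbcontrol all reload-config
# This restart is what applies the earlier `dns forwarder` edit in smb.conf.
systemctl restart samba-ad-dc
# NOTE(review): /etc/resolv.conf was replaced with a static file earlier in the
# script; confirm systemd-resolved is actually in use on the target host.
systemctl restart systemd-resolved
systemctl restart ntp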
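## Check Internet connectivity and external name resolution through the forwarder.
ping -c4 google.com
## Check the NTP configuration.
sudo ntpq -p
## Check the Kerberos and LDAP SRV records served by the DC.
# Each check runs once; the page repeated the LDAP lookup and klist.
host -t SRV "_kerberos._udp.$dc_domain_realm."
host -t SRV "_ldap._tcp.$dc_domain_realm."
## Check authentication against the domain.
# The password is quoted and sent on stdin: unquoted, a value containing
# spaces or glob characters would be altered by the shell before kinit reads it.
printf '%s\n' "$pass" | kinit "administrator@$dc_domain"
# Show the ticket obtained above. Run `unset pass` once the checks are done so
# the password does not linger in the session.
klist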