FreeBSD 11 Active Directory Member Server - SAMBA - Ninja

FreeBSD 11 Active Directory Member Server


Published by Geoff on August 10, 2018

This guide details how to install and configure SAMBA 4.8 as an AD member server of an
existing domain on FreeBSD 11.x. This is only a basic configuration with a single share that
allows Domain Users read/write access. Further configuration can be performed to restrict
access as well as enabling ACLs to provide granular access management to directories within
shares.

NB: I’ve started right from the beginning of installing FreeBSD and YMMV if you are not
installing from scratch but it’s only the samba48 package and its dependencies that are
installed as part of this guide. You should also make sure your AD PDC FSMO is sourcing
external time synchronisation because Kerberos authentication has a 5min tolerance. Clients
exceeding that tolerance will experience authentication failures with their Kerberos tickets.

1. Accepted default charset.
2. Entered hostname.
3. Unchecked docs, games and ports trees.
4. Accepted default auto partitioning.
5. Set root password.
6. Configured network interface with IPv4 static IP.
7. Did not configure IPv6.
8. Entered AD DC domain and IP DNS settings.
9. Set timezone.
10. Added NTPD to the SSHD and dumpdev services to load at startup.
11. Did not add any additional users.
12. Exited the installer and rebooted.
13. Modified /etc/ssh/sshd_config to permit root login

#PermitRootLogin no
PermitRootLogin yes

14. Restart SSHD

service sshd restart

15. Update system:


freebsd-update fetch
freebsd-update install

16. Modified /etc/sysctl.conf


kern.maxfiles=25600
kern.maxfilesperproc=16384
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536

17. Install the “pkg” package manager and update the repository

pkg
pkg update

18. Install Samba 4.8


pkg install samba48

19. Create /etc/krb5.conf


[libdefaults]
default_realm = TEST.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yes

20. Update /etc/nsswitch.conf


group: files winbind
passwd: files winbind

21. Create /usr/local/etc/smb4.conf


[global]
workgroup = TEST
server string = Samba Server Version %v
security = ads
realm = TEST.LOCAL
domain master = no
local master = no
preferred master = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
use sendfile = true

idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config TEST : backend = rid
idmap config TEST : range = 10000-99999
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/false

client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba4/log.%m
max log size = 50

#============================ Share Definitions ==============================

[testshare]
comment = Test share
path = /samba/testshare
read only = no
force group = "Domain Users"
directory mode = 0770
force directory mode = 0770
create mode = 0660
force create mode = 0660

22. Join SAMBA to the domain


net ads join -U administrator
net ads testjoin
# Should report "Join is OK"

23. Enable and start SAMBA


echo "samba_server_enable=YES" >> /etc/rc.conf
echo "winbindd_enable=YES" >> /etc/rc.conf
service samba_server start

24. Test Kerberos


kinit administrator
# Enter domain admin password, should return to the prompt

klist
# Credentials cache: FILE:/tmp/krb5cc_0
# Principal: administrator@TEST.LOCAL
#
# Issued                Expires               Principal
# Dec 6 10:15:39 2014   Dec 6 20:15:39 2014   krbtgt/TEST.LOCAL@TEST.LOCAL

25. Test Winbind


wbinfo -u
# Should return domain users

wbinfo -g
# Should return domain groups

getent passwd
# Should return domain users at the end of the list with 10000+ UIDs

getent group
# Should return domain groups at the end of the list with 10000+ GIDs

If the wbinfo commands don’t work it means either there’s an error in
/usr/local/etc/smb4.conf or the winbind service isn’t running. It will usually be an
error in smb4.conf so make sure you’ve replaced TEST and TEST.LOCAL to suit your
own environment. Then restart the services:

service samba_server restart

If the getent commands don’t work but wbinfo DOES return the expected results, check
that your /etc/nsswitch.conf passwd: and group: lines are set correctly as above. “compat”
should be removed from both lines so they just specify “files winbind”.

26. Create the share location on the server


mkdir -p /samba/testshare
chown "administrator":"domain users" /samba/testshare
chmod 0770 /samba/testshare

You should then be able to browse the share from a Windows client and create files and
directories etc.
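
The idmap lines in step 21 determine the UIDs and GIDs that step 25 expects to see (10000+). The following shell script is an added example, not part of the original guide: it checks that the configured ranges do not overlap and computes the ID the rid backend assigns to a given RID, assuming the default base_rid of 0. The function names and the embedded sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): sanity-check idmap ranges in smb4.conf.

# Print "DOMAIN LOW HIGH" for each "idmap config DOMAIN : range = LOW-HIGH" line.
idmap_ranges() {
    awk -F= '/^[ \t]*idmap config .*:[ \t]*range/ {
        split($1, k, ":"); dom = k[1]
        sub(/^[ \t]*idmap config[ \t]*/, "", dom); gsub(/[ \t]/, "", dom)
        gsub(/[ \t]/, "", $2); split($2, r, "-")
        print dom, r[1], r[2]
    }' "$1"
}

# Return 0 when no two ranges overlap; otherwise print each overlapping pair, return 1.
idmap_ranges_disjoint() {
    idmap_ranges "$1" | awk '
        { d[NR] = $1; lo[NR] = $2 + 0; hi[NR] = $3 + 0 }
        END {
            for (i = 1; i <= NR; i++)
                for (j = i + 1; j <= NR; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i]) { print d[i], d[j]; bad = 1 }
            exit bad + 0
        }'
}

# idmap_rid with its default base_rid of 0 assigns ID = RID + LOW.
# Prints the ID, or returns 1 when the result is above HIGH (RID not mappable).
rid_to_id() {  # usage: rid_to_id FILE DOMAIN RID
    idmap_ranges "$1" | awk -v dom="$2" -v rid="$3" '
        $1 == dom { id = rid + $2; if (id <= $3) { print id; ok = 1 } }
        END { exit ok ? 0 : 1 }'
}

# Constructed sample: the idmap lines from the guide's [global] section.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[global]
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config TEST : backend = rid
idmap config TEST : range = 10000-99999
EOF
    echo "$f"
}

conf=$(sample_conf)
idmap_ranges_disjoint "$conf" && echo "idmap ranges do not overlap"
echo "Administrator (RID 500) -> UID $(rid_to_id "$conf" TEST 500)"
echo "Domain Users (RID 513) -> GID $(rid_to_id "$conf" TEST 513)"
```

With the guide's range of 10000-99999, any account whose RID is above 89999 falls outside the range and will not resolve, so widen the TEST range before that point is reached.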

NB: If you get an error that the server cannot be found by the Windows client check your AD
DNS and add a hostname for your SAMBA server if it does not exist. It may not have been
automatically created during the domain join process but you should have received an error
at that point stating as much.
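
The nsswitch.conf check from the troubleshooting notes in step 25, as an added example that is not part of the original guide: it reports whether the passwd: and group: lines still carry compat or lack winbind. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): classify nsswitch.conf database lines.

# Prints one of: ok | compat | no-winbind | missing
nss_db_status() {  # usage: nss_db_status FILE DATABASE
    awk -v db="$2" '
        { sub(/#.*/, "") }                       # ignore trailing comments
        $1 == (db ":") {                         # exact match, so group_compat: is skipped
            seen = 1; wb = 0; compat = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "winbind") wb = 1
                if ($i == "compat")  compat = 1
            }
        }
        END {
            if (!seen)       print "missing"
            else if (compat) print "compat"
            else if (!wb)    print "no-winbind"
            else             print "ok"
        }' "$1"
}

# Return 0 only when both passwd: and group: use winbind without compat.
nss_winbind_ready() {  # usage: nss_winbind_ready FILE
    rc=0
    for db in passwd group; do
        st=$(nss_db_status "$1" "$db")
        [ "$st" = ok ] || { echo "$db: $st"; rc=1; }
    done
    return $rc
}

# Constructed sample: passwd: is correct, group: still has compat.
sample_nsswitch() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
group: compat winbind   # winbind added, compat left behind
group_compat: nis
hosts: files dns
passwd: files winbind
EOF
    echo "$f"
}

nss=$(sample_nsswitch)
nss_winbind_ready "$nss" || echo "fix the lines above, then re-run getent passwd"
```

On the member server, call `nss_winbind_ready /etc/nsswitch.conf` when wbinfo returns users but getent does not.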


1 Comment

stoe · August 18, 2018 at 6:26 am

Thank you for sharing; your guides are highly appreciated.