将samba设置为Active Directory控制器

交互模式设置	非交互模式设置	说明
--use-rfc2307	--use-rfc2307	启用ADUC Unix属性选项卡所需的NIS扩展。
Realm	--realm	kerberos领域。AD DNS域的大写版本。例如： SAMDOM.EXAMPLE.COM
Domain	--domain	NetBIOS域名（工作组）。这可以是任何内容，但必须是一个单词，不超过15个字符，并且不包含点。建议使用AD DNS域的第一部分。例如 samdom 不要使用计算机短主机名。
Server Role	--server-role	安装与控制器DC角色。
DNS backend	--dns-backend	设置DNS后台。 AD中第一个DC必须使用DNS后台安装。注意，不支持BIND9_FLATFILE和NONE。
DNS forwarder IP address	[无效]	仅当使用SAMBA_INTERNAL后台时此设置才有效
Administrator password	--adminpass	设置域管理员密码。密码必须符合复杂性要求^*。

root@X61s:/usr/ports/net/samba413 # samba-tool domain provision --use-rfc2307 --interactive
Realm [LOCAL]:  SAMDOM.EXAMPLE.COM
Domain [SAMDOM]:SAMDOM
Server Role (dc, member, standalone) [dc]:dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:SAMBA_INTERNAL
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]:8.8.8.8
Administrator password:Passw0rd
Retype password:Passw0rd
INFO 1988-01-01 15:05:05,392 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2131: Looking up IPv4 addresses
INFO 1988-01-01 15:05:05,393 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2148: Looking up IPv6 addresses
WARNING 1988-01-01 15:05:05,394 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2155: No IPv6 address will be assigned
INFO 1988-01-01 15:05:06,462 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2299: Setting up share.ldb
INFO 1988-01-01 15:05:06,515 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2303: Setting up secrets.ldb
INFO 1988-01-01 15:05:06,558 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2308: Setting up the registry
INFO 1988-01-01 15:05:06,706 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2311: Setting up the privileges database
INFO 1988-01-01 15:05:06,778 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2314: Setting up idmap db
INFO 1988-01-01 15:05:06,831 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2321: Setting up SAM db
INFO 1988-01-01 15:05:06,854 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 1988-01-01 15:05:06,856 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 1988-01-01 15:05:06,863 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 1988-01-01 15:05:06,956 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1400: Adding DomainDN: DC=samdom,DC=example,DC=com
INFO 1988-01-01 15:05:06,991 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1432: Adding configuration container
INFO 1988-01-01 15:05:07,025 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1447: Setting up sam.ldb schema
INFO 1988-01-01 15:05:13,488 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1465: Setting up sam.ldb configuration data
INFO 1988-01-01 15:05:13,861 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1506: Setting up display specifiers
INFO 1988-01-01 15:05:18,064 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1514: Modifying display specifiers and extended rights
INFO 1988-01-01 15:05:18,146 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1521: Adding users container
INFO 1988-01-01 15:05:18,150 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1527: Modifying users container
INFO 1988-01-01 15:05:18,152 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1530: Adding computers container
INFO 1988-01-01 15:05:18,155 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1536: Modifying computers container
INFO 1988-01-01 15:05:18,157 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1540: Setting up sam.ldb data
INFO 1988-01-01 15:05:18,487 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1570: Setting up well known security principals
INFO 1988-01-01 15:05:18,568 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1584: Setting up sam.ldb users and groups
INFO 1988-01-01 15:05:18,883 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #1592: Setting up self join
Repacking database from v1 to v2 format (first record CN=ms-DS-Claim-Shares-Possible-Values-With-BL,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=group-Display,CN=C04,CN=DisplaySpecifiers,CN=Configuration,DC=samdom,DC=example,DC=com)
Repacking database from v1 to v2 format (first record CN=6E157EDF-4E72-4052-A82A-EC3F91021A22,CN=Operations,CN=DomainUpdates,CN=System,DC=samdom,DC=example,DC=com)
INFO 1988-01-01 15:05:21,111 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/sambadns.py #1135: Adding DNS accounts
INFO 1988-01-01 15:05:21,153 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/sambadns.py #1169: Creating CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
INFO 1988-01-01 15:05:21,195 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/sambadns.py #1182: Creating DomainDnsZones and ForestDnsZones partitions
INFO 1988-01-01 15:05:21,316 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/sambadns.py #1187: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record CN=Deleted Objects,DC=DomainDnsZones,DC=samdom,DC=example,DC=com)
Repacking database from v1 to v2 format (first record DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com)
INFO 1988-01-01 15:05:21,812 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2035: Setting up sam.ldb rootDSE marking as synchronized
INFO 1988-01-01 15:05:21,820 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2040: Fixing provision GUIDs
INFO 1988-01-01 15:05:23,762 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2376: A Kerberos configuration suitable for Samba AD has been generated at /var/db/samba4/private/krb5.conf
INFO 1988-01-01 15:05:23,764 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2378: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 1988-01-01 15:05:23,889 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #2105: Setting up fake yp server settings
INFO 1988-01-01 15:05:24,052 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #489: Once the above files are installed, your Samba AD server will be ready to use
INFO 1988-01-01 15:05:24,052 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #494: Server Role:           active directory domain controller
INFO 1988-01-01 15:05:24,053 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #495: Hostname:              X61s
INFO 1988-01-01 15:05:24,053 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #496: NetBIOS Domain:        SAMDOM
INFO 1988-01-01 15:05:24,053 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #497: DNS Domain:            samdom.example.com
INFO 1988-01-01 15:05:24,053 pid:2780 /usr/local/lib/python3.9/site-packages/samba/provision/__init__.py #498: DOMAIN SID:            S-1-5-21-1888739682-2303175097-426578690

将samba当作活动目录域控制器

准备安装

安装

配置samba Active Directory

以交互模式配置Samba AD

以非交互模式配置Samba AD

配置DNS解析器

创建反转区域(reverse zone)

配置kerberos

测试samba AD DC

验证文件服务器

验证DNS

关于将AD DC作为文件服务器