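# Based on
# https://blog.ifsg.ca/2021/01/samba-4-active-directory-domain.html
# First VM: Ubuntu with ssh and a static IP, 192.168.0.191.
# Domain: cuchuflito.lan. Primary DC is dc.cuchuflito.lan, backup DC is dc1.cuchuflito.lan.
# NOTE: this is a step-by-step transcript, not an unattended script -- it has
# interactive prompts and two reboots. Run it section by section on the first host.

# The DC must resolve its own FQDN before provisioning.
echo '192.168.0.191 dc.cuchuflito.lan dc' | sudo tee -a /etc/hosts > /dev/null
sudo apt update && sudo apt upgrade -y
sudo apt-get install -y acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user dnsutils chrony net-tools
# krb5-config prompts -- answers used:
#   realm:           CUCHUFLITO.LAN
#   domain:          CUCHUFLITO
#   Kerberos server: dc.cuchuflito.lan

# Make sure no samba daemon is running before provisioning. The AD DC daemon
# shows up in ps as "samba: root process"; match on that instead of copying a
# PID by hand (the original note said "kill the first PID that appears").
ps -ax | grep samba
sudo pkill -f 'samba: root process' || true
# Move the distro configs aside; provisioning writes its own.
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
sudo mv /etc/krb5.conf /etc/krb5.conf.orig
# Interactive provisioning. Answers given at the prompts:
#   Realm:              CUCHUFLITO.LAN
#   Domain:             CUCHUFLITO
#   Server Role:        dc
#   DNS backend:        SAMBA_INTERNAL
#   DNS forwarder IPs:  9.9.9.9 8.8.8.8
#   Administrator password: pick a strong one. It is the domain's most
#   privileged credential and is also what the backup DC's join uses.
sudo samba-tool domain provision --use-rfc2307 --interactive
# Provisioning generated a krb5.conf for the new realm; use it system-wide.
sudo cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
# Samba's internal DNS needs port 53 and the DC must resolve through itself,
# so the systemd-resolved stub is retired and resolv.conf becomes a static file.
sudo systemctl disable --now systemd-resolved
sudo unlink /etc/resolv.conf
printf 'nameserver 192.168.0.191\nsearch cuchuflito.lan\n' | sudo tee /etc/resolv.conf > /dev/null
sudo reboot

# ---- continue after the reboot ----
# Start samba by hand once to verify DNS before handing it to systemd.
sudo samba
host -t SRV _ldap._tcp.cuchuflito.lan
host -t SRV _kerberos._udp.cuchuflito.lan
host -t A dc.cuchuflito.lan
# Signed NTP: chrony must reach samba's ntp_signd socket. `samba -b` prints the
# socket directory (here /var/lib/samba/ntp_signd). Keep it root:_chrony 0750;
# the socket authenticates time to domain members, so do not open it wider.
samba -b | grep 'NTP' | awk '{print $NF}'
ls -ld /var/lib/samba/ntp_signd
sudo chown root:_chrony /var/lib/samba/ntp_signd/
sudo chmod 750 /var/lib/samba/ntp_signd/
ls -ld /var/lib/samba/ntp_signd
# expected: drwxr-x--- 2 root _chrony 4096 ... /var/lib/samba/ntp_signd

# chrony: `allow` is the client subnet permitted to query this NTP server.
# The original note had 192.168.2.0/24, which is not this LAN -- every address
# on this page (the DC, /etc/hosts, resolv.conf) is in 192.168.0.0/24, so domain
# members would have been refused time sync and Kerberos would drift. Keep it
# limited to the domain subnet; do not widen to 0.0.0.0/0.
printf '\n# Settings for Samba DC\nallow 192.168.0.0/24\nntpsigndsocket /var/lib/samba/ntp_signd\n' | sudo tee -a /etc/chrony/chrony.conf > /dev/null

# Stop the hand-started samba and hand control to the samba-ad-dc unit.
# smbd/nmbd/winbind are the standalone file-server units; they must not run
# alongside the AD DC, so they are masked, not just stopped.
ps -ax | grep samba
sudo pkill -f 'samba: root process' || true
sudo systemctl mask smbd nmbd winbind
sudo systemctl disable smbd nmbd winbind
sudo systemctl stop smbd nmbd winbind
sudo systemctl unmask samba-ad-dc
sudo systemctl enable --now samba-ad-dc
sudo reboot

# ---- continue after the second reboot ----
sudo systemctl status samba-ad-dc
# End-to-end Kerberos check; prompts for the Administrator password.
kinit Administrator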
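# ---- backup DC: dc1, 192.168.0.192 ----
# Both DCs must be resolvable by name before the join.
printf '192.168.0.191 dc.cuchuflito.lan dc\n192.168.0.192 dc1.cuchuflito.lan dc1\n' | sudo tee -a /etc/hosts > /dev/null
sudo apt-get install -y acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user dnsutils chrony net-tools
# krb5-config prompts -- answers used:
#   realm:           CUCHUFLITO.LAN
#   domain:          CUCHUFLITO
#   Kerberos server: dc.cuchuflito.lan

# Stop any samba daemon already running. Match on the process title rather
# than a PID: the "1593 ... samba: root process" lines in the original note
# were pasted from the first host's ps output, not this one's.
ps -ax | grep samba
sudo pkill -f 'samba: root process' || true
# Move the distro configs aside once. The original note repeated these two
# mv commands; the second pair only fails because the files are already gone.
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
sudo mv /etc/krb5.conf /etc/krb5.conf.orig
# Resolve through the existing DC so the join can find the domain's SRV records.
sudo systemctl disable --now systemd-resolved
sudo unlink /etc/resolv.conf
printf 'nameserver 192.168.0.191\nsearch cuchuflito.lan\n' | sudo tee /etc/resolv.conf > /dev/null
sudo reboot

# ---- continue after the reboot ----
# -W is the NetBIOS domain name chosen at provisioning (CUCHUFLITO); "AD" was
# left over from the guide this was adapted from. Prompts for the
# Administrator password.
sudo samba-tool domain join cuchuflito.lan DC -W CUCHUFLITO -U Administrator
# The join produced a krb5.conf for the realm; use it system-wide.
sudo cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
# Start samba by hand once to verify DNS on the new DC.
sudo samba
host -t SRV _ldap._tcp.cuchuflito.lan
host -t SRV _kerberos._udp.cuchuflito.lan
host -t A dc1.cuchuflito.lan
# Signed NTP socket for chrony, same permissions as on the first DC (root:_chrony 0750).
samba -b | grep 'NTP' | awk '{print $NF}'
ls -ld /var/lib/samba/ntp_signd
sudo chown root:_chrony /var/lib/samba/ntp_signd/
sudo chmod 750 /var/lib/samba/ntp_signd/
ls -ld /var/lib/samba/ntp_signd
# chrony: only the domain subnet may query NTP here.
printf '\n# Settings for Samba DC\nallow 192.168.0.0/24\nntpsigndsocket /var/lib/samba/ntp_signd\n' | sudo tee -a /etc/chrony/chrony.conf > /dev/null

# Stop the hand-started samba (the original hard-coded `kill 1105`) and hand
# control to the samba-ad-dc unit; the standalone units are masked.
ps -ax | grep samba
sudo pkill -f 'samba: root process' || true
sudo systemctl mask smbd nmbd winbind
sudo systemctl disable smbd nmbd winbind
sudo systemctl stop smbd nmbd winbind
sudo systemctl unmask samba-ad-dc
sudo systemctl enable --now samba-ad-dc
sudo reboot

# ---- continue after the second reboot ----
sudo systemctl status samba-ad-dc
# End-to-end Kerberos check; prompts for the Administrator password.
kinit Administrator
# Confirm the new DC actually replicates with dc in both directions.
sudo samba-tool drs showrepl
# NOTE(review): resolv.conf on dc1 still lists only dc (192.168.0.191). After a
# successful join consider adding 'nameserver 192.168.0.192' so dc1 keeps
# resolving the domain when dc is down -- verify against the replication state first.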
# Quería hacerlo andar en docker, pero no logré dar con la forma de unir a dominio el backup. Así que lo hice a la vieja usanza.
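# BIND9 in docker. The compose file is written with a heredoc instead of an
# interactive vi session, and the indentation the pasted copy lost is restored
# (a flush-left compose file is not valid). `version` is kept: the standalone
# docker-compose 1.x used on this page needs it to read the file as v3.
mkdir -p dns && cd dns
cat > docker-compose.yml <<'EOF'
version: '3'
services:
  bind9:
    # Untagged image: pin a tag in real use, otherwise every pull may change it.
    image: ubuntu/bind9
    container_name: bind9
    environment:
      # SECURITY: runs named as root inside a container that shares the host's
      # network namespace (network_mode: host below). If the image supports an
      # unprivileged user for BIND9_USER and the mounted dirs allow it, prefer
      # that -- TODO confirm with the image docs.
      - BIND9_USER=root
      - TZ=America/Argentina/Buenos_Aires
    volumes:
      - ./config:/etc/bind
      - ./cache:/var/cache/bind
      - ./records:/var/lib/bind
    # Host networking: no port mapping; named listens on 53 on every host interface.
    network_mode: host
    restart: always
EOF
docker-compose up -d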
# Retire the systemd-resolved stub resolver and hand resolution to a static
# /etc/resolv.conf with two public resolvers (Google, Cloudflare).
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
sudo rm -f /etc/resolv.conf
printf 'nameserver 8.8.8.8\nnameserver 1.1.1.1\n' | sudo tee /etc/resolv.conf
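# Based on
# https://github.com/Fmstrat/samba-domain
# Samba AD DC in docker. Compose file written with a heredoc (indentation
# restored; the pasted copy was flush-left). `version` kept for docker-compose 1.x.
mkdir -p smb && cd smb
mkdir -p samba/{data,config}
mkdir -p samba/config/samba
# Keep the domain Administrator password out of the compose file: compose
# substitutes ${DOMAINPASS} from ./.env, which is created here with mode 0600.
# The original had the password inline in the YAML.
read -rs -p 'Domain Administrator password: ' DOMAINPASS; echo
( umask 077; printf 'DOMAINPASS=%s\n' "$DOMAINPASS" > .env )
unset DOMAINPASS
cat > docker-compose.yml <<'EOF'
version: '2.4'
services:
  samba:
    # Untagged image: pin a tag in real use.
    image: nowsci/samba-domain
    container_name: samba
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./samba/data/:/var/lib/samba
      - ./samba/config/samba:/etc/samba/external
    environment:
      - DOMAIN=CORP.PABLOSKY.LAN
      - DOMAIN_DC=dc=corp,dc=pablosky,dc=lan
      - DOMAIN_EMAIL=pablosky.lan
      - DOMAINPASS=${DOMAINPASS}
      - DNSFORWARDER=192.168.0.1
      - HOSTIP=192.168.0.230
    # All AD ports are bound to the DC's own host IP only (quoted so YAML never
    # re-types them). 1024-1044 is the RPC dynamic range the image expects.
    ports:
      - "192.168.0.230:53:53"
      - "192.168.0.230:53:53/udp"
      - "192.168.0.230:88:88"
      - "192.168.0.230:88:88/udp"
      - "192.168.0.230:123:123"
      - "192.168.0.230:123:123/udp"
      - "192.168.0.230:135:135"
      - "192.168.0.230:137-138:137-138/udp"
      - "192.168.0.230:139:139"
      - "192.168.0.230:389:389"
      - "192.168.0.230:389:389/udp"
      - "192.168.0.230:445:445"
      - "192.168.0.230:464:464"
      - "192.168.0.230:464:464/udp"
      - "192.168.0.230:636:636"
      - "192.168.0.230:1024-1044:1024-1044"
      - "192.168.0.230:3268-3269:3268-3269"
    dns_search:
      - corp.pablosky.lan
    dns:
      - 192.168.0.230
      - 192.168.0.1
    # Becomes the DC's computer name (NetBIOS limit is 15 chars; this is exactly 15).
    hostname: CORPPABLOSKYLAN
    cap_add:
      - NET_ADMIN
      - SYS_NICE
      - SYS_TIME
    devices:
      - /dev/net/tun
    # SECURITY: privileged grants every capability and raw device access, which
    # makes cap_add/devices above redundant and removes container isolation --
    # a compromised DC container is a compromised host. Try starting without it
    # and keep only the capabilities listed; re-enable only if the image fails.
    privileged: true
    restart: always
EOF
docker-compose up -d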
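# Based on
# https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04-es
sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg
# Docker's signing key is stored in its own keyring and bound to this one
# repository with signed-by. The original piped it into `apt-key add`, which
# is deprecated and trusts the key for every repository on the system.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Release codename: the original hard-coded focal (20.04); read it from the system instead.
CODENAME="$(. /etc/os-release && echo "$VERSION_CODENAME")"
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu ${CODENAME} stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce
sudo systemctl status docker
# SECURITY: membership in the docker group is root-equivalent (the daemon will
# bind-mount any host path into a container). Only add accounts you would
# also give sudo to. Re-login afterwards so the new group takes effect.
sudo usermod -aG docker "${USER}"
su - "${USER}"
id -nG
# Same for any other account, replacing "username".
# sudo usermod -aG docker username

# And from
# https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-20-04-es
# Standalone docker-compose 1.26.0 (the python-based v1 line, which reached end
# of life). -f makes curl fail on an HTTP error instead of saving the error page
# as the "binary"; the original used bare -L. When possible, install
# docker-compose-plugin from the docker apt repo above ("docker compose") instead.
sudo curl -fsSL "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version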
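# Based on
# https://raspberrypi.stackexchange.com/questions/12869/how-to-solve-encountered-a-section-with-no-package-header-error
# Symptom from apt update (kept as a comment -- in the original note these
# output lines sat bare between the commands and would be executed as commands):
#   Leyendo lista de paquetes... ¡Error!
#   E: Encountered a section with no Package: header
#   E: Problem with MergeList /var/lib/apt/lists/deb.debian.org_debian_dists_bookworm_main_binary-amd64_Packages
#   E: No se pudieron analizar o abrir las listas de paquetes o el archivo de estado.
# Fix: the cached package index is corrupt. Only the download cache under
# /var/lib/apt/lists is discarded; sources and installed-package state are
# untouched, and apt-get update fetches fresh (signature-checked) lists.
sudo rm -vf /var/lib/apt/lists/*
sudo apt-get update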
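# Based on
# https://www.ionos.com/digitalguide/server/configuration/change-dns-server-on-ubuntu/#:~:text=Step%201%3A%20Launch%20the%20system,server%20connection%20for%20a%20moment.
sudo apt install resolvconf
sudo systemctl status resolvconf.service
sudo systemctl enable --now resolvconf.service
sudo systemctl status resolvconf.service
# Nameservers that resolvconf places at the top of the generated
# /etc/resolv.conf: 192.168.0.33 (local resolver) then 1.1.1.1 (public
# fallback). Appended with tee instead of an interactive vi session.
printf 'nameserver 192.168.0.33\nnameserver 1.1.1.1\n' | sudo tee -a /etc/resolvconf/resolv.conf.d/head > /dev/null
sudo resolvconf --enable-updates
sudo resolvconf -u
sudo systemctl restart resolvconf.service
# NOTE(review): the original also restarts systemd-resolved here. resolvconf
# and systemd-resolved both manage /etc/resolv.conf; with both active the file
# can be rewritten behind your back. Confirm which one owns it on this host
# before keeping both.
sudo systemctl restart systemd-resolved.service
resolvectl status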
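# Based on
# https://github.com/Ramhm/openldap/blob/master/docker-compose.yml
# OpenLDAP plus phpLDAPadmin in docker. Both files are written with heredocs
# (indentation restored -- the pasted copy was flush-left). `version` kept for
# docker-compose 1.x.
mkdir -p openldap && cd openldap
cat > docker-compose.yml <<'EOF'
version: '3.7'
services:
  openldap:
    # Untagged "latest": pin a tag in real use.
    image: osixia/openldap:latest
    container_name: openldap
    hostname: openldap
    env_file: ./.env
    ports:
      # SECURITY: 389 is cleartext LDAP and is published on every host
      # interface; the simple bind sends the admin password in the clear.
      # Bind it to a host IP (e.g. "127.0.0.1:389:389") or firewall it, and
      # point clients at 636 (TLS).
      - "389:389"
      - "636:636"
    volumes:
      # TLS material referenced by LDAP_TLS_*_FILENAME in .env is expected here.
      - ./data/certificates:/container/service/slapd/assets/certs
      - ./data/slapd/database:/var/lib/ldap
      - ./data/slapd/config:/etc/ldap/slapd.d
    environment:
      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
      - LDAP_DOMAIN=${LDAP_DOMAIN}
      - LDAP_ADMIN_USERNAME=${LDAP_ADMIN_USERNAME}
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - LDAP_CONFIG_PASSWORD=${LDAP_CONFIG_PASSWORD}
      - LDAP_BASE_DN=${LDAP_BASE_DN}
      - LDAP_TLS_CRT_FILENAME=${LDAP_TLS_CRT_FILENAME}
      - LDAP_TLS_KEY_FILENAME=${LDAP_TLS_KEY_FILENAME}
      - LDAP_TLS_CA_CRT_FILENAME=${LDAP_TLS_CA_CRT_FILENAME}
      - LDAP_READONLY_USER=${LDAP_READONLY_USER}
      - LDAP_READONLY_USER_USERNAME=${LDAP_READONLY_USER_USERNAME}
      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
    networks:
      - openldap
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    hostname: phpldapadmin
    env_file: ./.env
    # SECURITY: the original served the admin UI on plain HTTP (port 80,
    # PHPLDAPADMIN_HTTPS=false), sending the directory admin password in the
    # clear. HTTPS is enabled in .env, so the image listens on 443 (self-signed
    # certificate); log in at https://<host ip>.
    ports:
      - "443:443"
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=${PHPLDAPADMIN_LDAP_HOSTS}
      - PHPLDAPADMIN_HTTPS=${PHPLDAPADMIN_HTTPS}
    depends_on:
      - openldap
    networks:
      - openldap
networks:
  openldap:
    driver: bridge
EOF
# .env holds every credential, so it is created with mode 0600 and must stay
# out of version control. The password values below are the example ones from
# the original note -- replace them before use.
( umask 077; cat > .env <<'EOF'
PHPLDAPADMIN_LDAP_HOSTS=openldap
PHPLDAPADMIN_HTTPS=true
LDAP_ORGANISATION=pablosky.org
LDAP_DOMAIN=pablosky.org
LDAP_ADMIN_USERNAME=admin
LDAP_ADMIN_PASSWORD=claveadmin
LDAP_CONFIG_PASSWORD=clave
LDAP_BASE_DN=dc=pablosky,dc=org
LDAP_TLS_CRT_FILENAME=server.crt
LDAP_TLS_KEY_FILENAME=server.key
LDAP_TLS_CA_CRT_FILENAME=pablosky.org.ca.crt
LDAP_READONLY_USER=true
LDAP_READONLY_USER_USERNAME=usuariosololectura
LDAP_READONLY_USER_PASSWORD=clavesololectura
EOF
)
docker-compose up -d
# Login (https://<host ip>): bind DN cn=admin,dc=pablosky,dc=org with the
# LDAP_ADMIN_PASSWORD value from .env.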
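# Minimal OpenLDAP in docker. Compose file written with a heredoc (indentation
# restored -- the pasted copy was flush-left). `version` kept for docker-compose 1.x.
mkdir -p opld && cd opld
# Keep the admin password out of the compose file: compose substitutes
# ${LDAP_ADMIN_PASSWORD} from ./.env, created here with mode 0600. The
# original had it inline in the YAML.
read -rs -p 'LDAP admin password: ' LDAP_ADMIN_PASSWORD; echo
( umask 077; printf 'LDAP_ADMIN_PASSWORD=%s\n' "$LDAP_ADMIN_PASSWORD" > .env )
unset LDAP_ADMIN_PASSWORD
cat > docker-compose.yml <<'EOF'
version: '2'
services:
  ldap:
    image: osixia/openldap:1.5.0
    container_name: ldap
    environment:
      - LDAP_ORGANISATION=pablosky
      - LDAP_DOMAIN=pablosky.com
      - "LDAP_BASE_DN=dc=pablosky,dc=com"
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
    # SECURITY: both ports are published on every host interface; 389 is
    # cleartext. Bind to a host IP or firewall it, and use 636 from clients.
    ports:
      - "389:389"
      - "636:636"
EOF
docker-compose up -d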
# Based on
# https://developer.parrot.com/docs/olympe/pip_on_debian_based_distros.html#creating-a-python-virtual-environment-on-a-debian-based-system
# Create a Python virtual environment on a Debian-based system, activate it,
# upgrade pip inside it, and leave it again.
sudo apt-get install python3-venv
python3 -m venv my-virtual-env
source ./my-virtual-env/bin/activate
python --version
pip install --upgrade pip
pip --version
deactivate