This document provides instructions for installing and configuring SAMBA 4 as an Active Directory domain controller on a Debian system. It describes steps such as installing packages, setting permissions, configuring networking, compiling and installing SAMBA from source, creating the Active Directory domain, adding user and file shares, and testing the configuration.

1. SAMBA 4 - Tutorial de Instalacao no Debian
Instalandopacotes
# apt-getinstall linux-sourcelinux-headers-$(uname -r) build-essential sshvimopenvpn
libreadline-devgitbuild-essentiallibattr1-devlibblkid-devlibgnutls28-devautoconfpython-
dev python-dnspythonlibacl1-devgdbpkg-configlibpopt-devlibldap2-devdnsutilsacl attr
libbsd-devdocbook-xsl libcups2-devkrb5-user
SetandopermissõesespeciaisdoAD
$ sudovim/etc/fstab
/dev/sdb1 /home xfs user_xattr,acl,barrier=1 1 1
# mount-oremount,rw/home
Testandopermissoesespeciais
# touchtest.txt
# setfattr-nuser.test-vtesttest.txt
# setfattr-nsecurity.test-vtest2test.txt
# getfattr-dtest.txt
# getfattr-nsecurity.test-dtest.txt
Se estivertudocorreto,oscomandosacima retornaraoessasrespostas,respectivamente:
# file:test.txt
user.test="test"
# file:test.txt
security.test="test2"
Instalandoe sincronizandoserviçode timercomPUCPR
# apt-getinstall ntpdate
# ntpdate ntp.pucpr.br

2. Setandohostname
# vim/etc/hostname
samba4
Setandoresolvedores
# vim/etc/resolv.conf
domainshark.net
searchshark.net
nameserver192.168.0.250
nameserver189.4.0.157 189.4.0.152
Setandoip
# vim/etc/network/interfaces
# The primarynetworkinterface
iface eth0inetstatic
address192.168.0.250
netmask255.255.255.0
gateway192.168.0.1
dns-nameservers192.168.0.250 189.4.0.157
dns-searchshark.net
Configurandooarquivo/etc/hosts
# vim/etc/hosts
127.0.0.1 localhost
127.0.1.1 samba4.shark.net samba4
192.168.0.250 samba4.shark.net samba4

3. # The followinglinesare desirable forIPv6capable hosts
::1 localhostip6-localhostip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# wgethttp://ftp.samba.org/pub/samba/samba-4.1.16.tar.gz
# tar xvzf samba-4.1.16.tar.gz
# cd samba-4.1.16
# ./configure --prefix=/opt/samba --enable-debug --enable-selftest
# make
# make install
Solucaotemporariaparaexportarpath’sdo SAMBA4 compiladono/opt/samba
# exportPATH=$PATH:/opt/samba/bin/
Solucaodefinitivaparaexportarpath’sdoSAMBA4 no/opt/samba
# vim/etc/profile ( cole aofinal doarquivo)
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/samba/bin:/opt/samba
/sbin"
# . /etc/profile
RebootdoSO
# init6
Subindooserviço
# /opt/samba/sbin/samba
Ou apenas
# samba( apósexportaras path’s)

4. # psaux | grepsamba
Criandoo DominioAD
# /opt/samba/bin/samba-tooldomainprovision
Ou apenas
# samba-tool domainprovision( aposexportaraspath’s )
# Exemplode configuracaopara/etc/krb5.conf
[logging]
default= FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server=FILE:/var/log/kadmind.log
[libdefaults]
default_realm=shark.net
dns_lookup_realm=false
dns_lookup_kdc= true
ticket_lifetime=24h
renew_lifetime =7d
forwardable =true
[realms]
SHARK.NET= {
kdc = samba4.shark.net # ( aqui pode sero ip doServidor)
admin_server= samba4.shark.net
}

5. [domain_realm]
.shark.net= samba4.shark.net
shark.net= samba4.shark.net
Sobe SAMBA 4
# samba
Testandoo smb.conf
# testparm
# /opt/samba/bin/smbclient//localhost/netlogon -UAdministrator%'SUA_SENHA'-c"ls"
Consultandoclient:
# /opt/samba/bin/smbclient –version
# /opt/samba/bin/smbclient -Llocalhost-U%
VerificandozonaprimariacriadapeloSAMBA 4
# samba-tool dnszonelist127.0.0.1 --auto-U Administrator--password=SUA_SENHA
Criandozonade DNSreverso
# samba-tool dnszonecreate 127.0.0.1 0.168.192.in-addr.arpa -U Administrator--
password=SUA_SENHA
Verificandoazonareversa
# samba-tool dnszonelist127.0.0.1 --reverse -UAdministrator --password=SUA_SENHA
# verificarusabilidade
#AdicionandooRoteadordarede ao DNS
# samba-tool dnsadd192.168.0.1 0.168.192.in-addr.arpa 1 PTR roteador.shark.net -U
Administrator--password=SUA_SENHA
Desabilitandoacomplexidade de senhas

6. # samba-tool domainpasswordsettingsshow
# samba-tool domainpasswordsettingsset --complexity=off --history-length=0--min-pwd-
length=0--min-pwd-age=0
Relendoconfiguracoes
# /opt/samba/bin/smbcontrol all reload-config
Revisandousuarios
# /opt/samba/bin/samba-tooluserlist
# /opt/samba/bin/samba-toolusersetpasswordEduardo.charquero
Testandotiket
# kinitAdministrator@shark.net
# klist
Testandoo dominiocomdig
# digshark.net
Consultandokerberose ldap:
# dig-t srv_kerberos._tcp.shark.net
# dig-t srv_ldap._tcp.shark.net
# host-t A rwindows8
SetandoSAMBA 4 na inicializaçãodoSO
# vim/etc/init.d/samba
#! /bin/bash
### BEGIN INIT INFO
# Provides: samba

7. # Required-Start: $network $local_fs$remote_fs
# Required-Stop: $network $local_fs$remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description:start Samba daemons
### END INIT INFO
#
# Start/stopsthe Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
SAMBAPID=/opt/samba/var/run/samba.pid
# clear conflicting settingsfrom the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /opt/samba/sbin -a -r /opt/samba/etc/ || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
log_daemon_msg "Starting Samba 4 daemon" "samba"
if ! start-stop-daemon --start --quiet --oknodo --exec /opt/samba/sbin/samba -- -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
;;
stop)
log_daemon_msg "Stopping Samba 4 daemon" "samba"

8. start-stop-daemon --stop --quiet --name samba $SAMBAPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
then
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
fi
log_end_msg 0
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
*)
echo "Usage: /etc/init.d/samba {start|stop|restart|force-reload}"
exit 1
;;
esac
exit 0
Setandopermissão
# chmod+x /etc/init.d/samba
# update-rc.dsambadefaults
Criandoa pasta de perfismoveis
# mkdir/opt/samba/var/profiles

9. # chmod-R 1777 profiles
Criandoo Compartilhamento
# cd /home
# mkdir/Dados
# mkdir/Dados/Diretoria...Financeiro...Rh...Comercial...Publica...Tecnico...
Adicionandodiretóriosaosmb.conf
# vim/opt/samba/etc/smb.conf
# Global parameters
[global]
workgroup= shark
realm= samba4.shark.net
netbiosname = samba4
serverrole = active directorydomaincontroller
dns forwarder= 200.189.80.43
[netlogon]
path = /opt/samba/var/locks/sysvol/xirux.local/scripts
read only= No
[sysvol]
path = /opt/samba/var/locks/sysvol
read only= No
[profiles]
Path = /opt/samba/var/profiles

10. Readonly= no
[Dados]
path = /home/Dados
comment= CompartilhamentosdaRede
read only= No
[Diretoria]
path = /home/Dados/Diretoria
comment= Pasta Diretoria
read only= No
[Rh]
path = /home/Dados/Rh
comment= PastaRh
read only= No
[Financeiro]
path = /home/Dados/Financeiro
comment= PastaFinanceiro
read only= No
[Tecnico]
path = /home/Dados/Tecnico
comment= PastaTecnico
read only= No

11. [Comercial]
path = /home/Dados/Comercial
comment= PastaComercial
read only= No
[Publica]
path = /home/Dados/Publica
comment= PastaPublica
readonly= no
SetandopermissoesaosDiretorios
# chownroot:usersDados/ -R
# chmod770 /home/dados/ -R
# chownroot:users/opt/samba/var/profiles/ -R
# chmod770 /opt/samba/var/profiles
As demaisconfiguracoesrelativasacriacaode usuarios,gerenciamentode compartilhamentos
podeme devemserfeitospelasFerramentasde GerenciamentodoWindowsServer2008,
instaladosnoWindows7ou 8.
Os perfisMoveis;Basicamente,crieiumapastaem/opt/samba/profiles,apontei no
/opt/samba/etc/smb.conf e adicionei aoperfildousuárionoAD:
samba4profiles%USERNAME%
Eduardo Charquero
Tecnólogo em Redes de Computadores
Administrador de Sistemas Linux
Linux user & 529578
e-mail: eduardo.charquero@hotmail.com