Differences

This shows you the differences between two versions of the page.

--- create_domain_member [2020/04/22 15:49] – created chris
+++ create_domain_member [2020/04/22 16:17] (current) – chris
@@ Line 1: / Line 1: @@
-Install a domain member server
+===Install a domain member server===
 To let a Linux server part of a Windows administered AD domain install Debian (current Debian 10) and then do the following:
-  - "Nano /etc/ssh/sshd_config and edit to Permitrootlogin = yes"
+  * //nano /etc/ssh/sshd_config//
-  - service ssh restart
-  - apt update && apt upgrade && apt autoremove
+     Permitrootlogin = yes
-  - apt install net-tools dnsutils snmpd ntp
-  - "nano /etc/netwrok/interfces and change to static address like:
+  * //service ssh restart//
+  * //apt update && apt upgrade && apt autoremove//
+  * //apt install net-tools dnsutils snmpd ntp//
+  * //nano etc/netwrok/interfces// and change to static address like:
         iface eth0 inet static
         address 192.168.10.X
@@ Line 17: / Line 21: @@
         dns-nameservers 192.168.10.1 192.168.10.11 192.168.10.13
         dns-search domain.artit.nl"
-  - "nano /etc/snmp/snmpd.conf
-rocommunity public
+  * //nano /etc/snmp/snmpd.conf//
-sysServices 72
-proc mountd
-proc ntalkd 4
-proc sendmail 10 1
-disk / 10000
-disk /var 5%
-includeAllDisks 10%
-load 12 10 5
-trapsink localhost public
-sysLocation 52.3206680,5.5342870
-sysContact info@artit.nl
-defaultMonitors yes
-linkUpDownNotifications yes
-master agentx "
-	"nano /etc/default/snmpd
-SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid' "
-	"nano /etc/snmp/snmp.conf
-#mibs :"
-	"nano /etc/ntp.conf
-pool 0.europe.pool.ntp.org iburst
-pool 1.europe.pool.ntp.org iburst
-pool 2.europe.pool.ntp.org iburst
-pool 3.europe.pool.ntp.org iburst
-pool 0.debian.pool.ntp.org iburst
-pool 1.debian.pool.ntp.org iburst
-pool 2.debian.pool.ntp.org iburst
-pool 3.debian.pool.ntp.org iburst
-# restrict -6 default kod notrap nomodify nopeer noquery limited
+        rocommunity public
+        sysServices 72
+        proc mountd
+        proc ntalkd 4
+        proc sendmail 10 1
+        disk / 10000
+        disk /var 5%
+        includeAllDisks 10%
+        load 12 10 5
+        trapsink localhost public
+        sysLocation 52.3206680,5.5342870
+        sysContact info@artit.nl
+        defaultMonitors yes
+        linkUpDownNotifications yes
+        master agentx "
-broadcast 192.168.10.255
-# restrict ::"
+  * //nano /etc/default/snmpd//
-	service ntp restart
-	show status with ntpq -p
-	apt -y install realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs
-	"nano /etc/resolv.conf
-domain domain.artit.nl
-search domain.artit.nl.
-nameserver 192.168.10.11
-nameserver 192.168.10.1
-nameserver 192.168.10.100"
-	realm discover DOMAIN.ARTIT.NL
-	realm join DOMAIN.ARTIT.NL
-	id administrator@DOMAIN.ARTIT.NL
-	apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules
-	"nano /etc/samba/smb.conf
-# ArtIT Domain Integration of SAMBA
-[global]
+       SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
+  * //nano /etc/snmp/snmp.conf//
+       #mibs:
+  * //nano /etc/ntp.conf//
+       pool 0.europe.pool.ntp.org iburst
+       pool 1.europe.pool.ntp.org iburst
+       pool 2.europe.pool.ntp.org iburst
+       pool 3.europe.pool.ntp.org iburst
+       pool 0.debian.pool.ntp.org iburst
+       pool 1.debian.pool.ntp.org iburst
+       pool 2.debian.pool.ntp.org iburst
+       pool 3.debian.pool.ntp.org iburst
+       # restrict -6 default kod notrap nomodify nopeer noquery limited
+       broadcast 192.168.10.255
+       # restrict ::
+  * //service ntp restart//
+  * show status with //ntpq -p//
+  * //apt -y install realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs//
+//Italic Text//nano /etc/resolv.conf
+      domain domain.artit.nl
+      search domain.artit.nl.
+      nameserver 192.168.10.11
+      nameserver 192.168.10.1
+      nameserver 192.168.10.100
+  * //realm discover DOMAIN.ARTIT.NL//
+  * //realm join DOMAIN.ARTIT.NL//
+  * //id administrator@DOMAIN.ARTIT.NL//
+  * //apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules//
+  * //nano /etc/samba/smb.conf//
+      # ArtIT Domain Integration of SAMBA
+  [global]
+        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n
         workgroup = VERIFY
-        realm = DOMAIN.ARTIT.NL
-        security = ads
-        idmap config * : backend = tdb
-        idmap config * : range = 3000-7999
-        idmap config DOMAIN.ARTIT.NL : backend = rid
-        idmap config DOMAIN.ARTIT.NL : range = 10000-999999
-        template homedir = /home/%U
-        template shell = /bin/bash
-        winbind use default domain = true
-        winbind offline logon = false
         winbind rpc only = yes
+        passwd program = /usr/bin/passwd %u
-        log file = /var/log/samba/log.%m
         max log size = 1000
+        security = ads
+        template homedir = /home/%U
+        os level = 20
+        idmap config * : backend = tdb
         syslog = 0
+        panic action = /usr/share/samba/panic-action %d
+        unix password sync = yes
+        realm = DOMAIN.ARTIT.NL
         usershare allow guests = Yes
-        map to guest = Bad User
         obey pam restrictions = Yes
+        idmap config domain.artit.nl : range = 10000-999999
+        wins support = true
+        winbind offline logon = false
         pam password change = Yes
-        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n
+        log file = /var/log/samba/log.%m
-        *password\supdated\ssuccessfully*
+        template shell = /bin/bash
-        passwd program = /usr/bin/passwd %u
+        idmap config domain.artit.nl : backend = rid
-        unix password sync = yes
+        idmap config * : range = 3000-7999
         map to guest = bad user
+        winbind use default domain = true
-# Printer Section -------------------------------------------------------------------------
-[printers]
+  # Printer Section -------------------------------------------------------------------------
+  [printers]
         comment = All Printers
         browseable = yes
@@ Line 105: / Line 128: @@
         read only = yes
         create mask = 0700
-[print$]
+  [print$]
         comment = Printer Drivers
         path = /var/lib/samba/printers
@@ Line 113: / Line 136: @@
         read only = yes
         guest ok = yes
-        write list = root, administrators@DOMANIN.ARTIT.NL
+        write list = root chris @"VERIFY\Administrators" @"VERIFY\Users"
-# NETWORK SHARES --------------------------------------------------------------------------
+  # NETWORK SHARES --------------------------------------------------------------------------
-[c$]
+  [c$]
         comment = Root Share
         path = /
         guest ok = no
-        browseable = no
+        browseable = yes
         read only = no
-# NETWORK SHARES --------------------------------------------------------------------------
+        create mask = 0775
+        directory mask = 0775
+        valid users = root chris @"VERIFY\Administrators" @"VERIFY\Users"
+    ...
+  # End of configuration file --- ArtIT 22 april 2020 ---
+   * //nano /etc/nsswitch.conf//
-[c$]
+      passwd:         files systemd winbind
+      group:          files systemd winbind
-        comment = Root Share
+   * //net ads join -U Administrator//
-        path = /
+   * //systemctl restart winbind//
-        guest ok = no
+   * //Unordered List Itemwbinfo -u//
-        browseable = no
-        read only = no"
-	"nano /etc/nsswitch.conf
+You now have a running domain member in your network.
-passwd:         files systemd winbind
-group:          files systemd winbind"
-	net ads join -U Administrator
+Your ArtIT Team
-	systemctl restart winbind
+\\
-	wbinfo -u
+\\
+**[[linux|BACK]]**