ラズベリーパイでアクティブディレクトリ

はじめに

今回はラズベリーパイでSambaを使ったActive Directoryを試してみます。

実行環境

下記バージョンで動作確認しています。

• RaspberryPi3
• Ubuntu

# uname -a
Linux ubuntu 5.3.0-1017-raspi2 #19~18.04.1-Ubuntu SMP Fri Jan 17 11:14:07 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux

学習方針

バイナリパッケージを利用します。

# apt-get update

# apt-get install samba krb5-config winbind smbclient ldap-utils
# mv /etc/samba/smb.conf /etc/samba/smb.conf.org 

# samba-tool domain provision 

Realm: raspberry.pi
 Domain [raspberry]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.53]: none
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
More than one IPv6 address found. Using 2001:268:c0ca:9d99:ba27:ebff:fe3b:cf14
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=raspberry,DC=pi
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=raspberry,DC=pi
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba AD server will be ready to use
Server Role:           active directory domain controller
Hostname:              ubuntu
NetBIOS Domain:        RASPBERRY
DNS Domain:            raspberry.pi
DOMAIN SID:            S-1-5-21-271669818-82488480-2142163154

# reboot

/etc/samba/smb.confに以下の行を追加
ldap server require strong auth = no
# cat /etc/samba/smb.conf
# Global parameters
[global]
        netbios name = UBUNTU
        realm = RASPBERRY.PI
        server role = active directory domain controller
        workgroup = RASPBERRY
        ldap server require strong auth = no

[netlogon]
        path = /var/lib/samba/sysvol/raspberry.pi/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = N

# systemctl unmask samba-ad-dc
# systemctl start samba-ad-dc
# systemctl status samba-ad-dc
# systemctl enable samba-ad-dc

# ldapsearch -x -D "cn=administrator,cn=users,dc=raspberry,dc=pi" -W -b "cn=Users,dc=raspberry,dc=pi" 

#Why ラズベリーパイ？
仕事ではAWS/AZUREなどクラウドを使っていますが、個人で自由に使うにはコスト面で問題があります。１万円でUbuntuが動かせるラズベリーパイは、マックブックと一緒にどこにでも持ち運べてサーバーサイドのプログラミングのテスト環境として最適です。