日本語キーボード化
sudo apt update
sudo dpkg-reconfigure keyboard-configuration
Generic 105-key PC
Japanese
Japanese
The default for the keyboard layout
No compose key
少し待つ
sudo reboot
OpenSSH
sudo usermod -aG sudo <ユーザ名>
sudo apt update
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl status ssh
samba-ad-dc
timedatectl set-timezone Asia/Tokyo
systemctl disable systemd-resolved.service
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
[sudo] password for <ユーザ名>:
nameserver 8.8.8.8
sudo apt install acl attr dnsutils krb5-config krb5-user samba samba-dsdb-modules samba-vfs-modules smbclient winbind
EXAMPLE.LOCAL
example.local
example.local
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org
sudo mv /etc/krb5.conf /etc/krb5.conf.org
sudo samba-tool domain provision --use-rfc2307 --interactive
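Realm: EXAMPLE.LOCAL
Domain: Enter（既定値）
Server Role: Enter（既定値）
DNS backend: Enter（既定値）
DNS forwarder IP address: 8.8.8.8
Administrator password: 大文字・小文字・数字を含むパスワードを入力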
sudo cp /var/lib/samba/private/krb5.conf /etc/
sudo systemctl stop smbd.service nmbd.service winbind.service
sudo systemctl disable smbd.service nmbd.service winbind.service
Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable smbd
Synchronizing state of nmbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable nmbd
Synchronizing state of winbind.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable winbind
Removed "/etc/systemd/system/multi-user.target.wants/winbind.service".
Removed "/etc/systemd/system/multi-user.target.wants/nmbd.service".
Removed "/etc/systemd/system/multi-user.target.wants/smbd.service".
systemctl unmask samba-ad-dc.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ====
Authentication is required to manage system service or unit files.
Authenticating as: <ユーザ名>
Password:
==== AUTHENTICATION COMPLETE ====
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ====
Authentication is required to reload the systemd state.
Authenticating as: <ユーザ名>
Password:
==== AUTHENTICATION COMPLETE ====
systemctl enable samba-ad-dc.service
Synchronizing state of samba-ad-dc.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable samba-ad-dc
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ====
Authentication is required to reload the systemd state.
Authenticating as: <ユーザ名>
Password:
==== AUTHENTICATION COMPLETE ====
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ====
Authentication is required to reload the systemd state.
Authenticating as: <ユーザ名>
Password:
==== AUTHENTICATION COMPLETE ====
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ====
Authentication is required to manage system service or unit files.
Authenticating as: <ユーザ名>
Password:
==== AUTHENTICATION COMPLETE ====
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ====
Authentication is required to reload the systemd state.
Authenticating as: <ユーザ名>
Password:
==== AUTHENTICATION COMPLETE ====
systemctl start samba-ad-dc.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to start 'samba-ad-dc.service'.
Authenticating as: <ユーザ名>
Password:
==== AUTHENTICATION COMPLETE ====
systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba AD Daemon
Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; preset: enabled)
Active: active (running) since Fri 2024-04-19 15:05:44 JST; 13s ago
Docs: man:samba(8)
man:samba(7)
man:smb.conf(5)
Process: 2972 ExecCondition=/usr/share/samba/is-configured samba (code=exited, status=0/SUCCESS)
Main PID: 2974 (samba)
Status: "samba: ready to serve connections..."
Tasks: 59 (limit: 4430)
Memory: 177.6M
CPU: 15.765s
CGroup: /system.slice/samba-ad-dc.service
├─2974 "samba: root process"
├─2975 "samba: tfork waiter process(2976)"
├─2976 "samba: task[s3fs] pre-fork master"
├─2977 "samba: tfork waiter process(2979)"
├─2978 "samba: tfork waiter process(2980)"
├─2979 "samba: task[rpc] pre-fork master"
├─2980 /usr/sbin/smbd -D "--option=server role check:inhibit=yes" --foreground
├─2981 "samba: tfork waiter process(2983)"
├─2982 "samba: tfork waiter process(2985)"
├─2983 "samba: task[nbt] pre-fork master"
├─2984 "samba: tfork waiter process(2987)"
├─2985 "samba: task[rpc] pre-forked worker(0)"
├─2986 "samba: tfork waiter process(2989)"
├─2987 "samba: task[wrepl] pre-fork master"
├─2988 "samba: tfork waiter process(2990)"
├─2989 "samba: task[rpc] pre-forked worker(1)"
├─2990 "samba: task[ldap] pre-fork master"
├─2991 "samba: tfork waiter process(2993)"
├─2992 "samba: tfork waiter process(2995)"
├─2993 "samba: task[rpc] pre-forked worker(2)"
├─2994 "samba: tfork waiter process(2997)"
├─2995 "samba: task[cldap] pre-fork master"
├─2996 "samba: tfork waiter process(2998)"
├─2997 "samba: task[rpc] pre-forked worker(3)"
├─2998 "samba: task[kdc] pre-fork master"
├─2999 "samba: tfork waiter process(3002)"
├─3001 "samba: tfork waiter process(3003)"
├─3002 "samba: task[drepl] pre-fork master"
├─3003 "samba: task[kdc] pre-forked worker(0)"
├─3004 "samba: tfork waiter process(3006)"
├─3005 "samba: tfork waiter process(3008)"
├─3006 "samba: task[winbindd] pre-fork master"
├─3007 "samba: tfork waiter process(3011)"
├─3008 "samba: task[kdc] pre-forked worker(1)"
├─3009 "samba: tfork waiter process(3013)"
├─3010 "samba: tfork waiter process(3014)"
├─3011 "samba: task[ntp_signd] pre-fork master"
echo -e "nameserver 127.0.0.1\nsearch example.local" | sudo tee /etc/resolv.conf
nameserver 127.0.0.1
search example.local
sudo samba-tool computer list
RASPBERRYPI$
sudo smbclient //localhost/netlogon -UAdministrator -c 'ls'
Password for [EXAMPLE\Administrator]:
. D 0 Fri Apr 19 15:02:03 2024
.. D 0 Fri Apr 19 15:02:23 2024
122502420 blocks of size 1024. 114957676 blocks available
host -t SRV _ldap._tcp.example.local
_ldap._tcp.example.local has SRV record 0 100 389 raspberrypi.example.local.
host -t SRV _kerberos._udp.example.local
_kerberos._udp.example.local has SRV record 0 100 88 raspberrypi.example.local.
host -t A example.local
example.local has address 192.168.2.154
sudo samba-tool domain passwordsettings show
[sudo] password for <ユーザ名>:
Password information for domain 'DC=example,DC=local'
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
（注: 以下 4 件は複雑性・履歴・最小長・有効期限を既定値より弱める設定。検証環境以外では既定値を維持し、上の表示にあるロックアウトしきい値 0（ロックアウトなし）も見直す）
sudo samba-tool domain passwordsettings set --complexity=off
Password complexity deactivated!
All changes applied successfully!
sudo samba-tool domain passwordsettings set --history-length=2
Password history length changed!
All changes applied successfully!
sudo samba-tool domain passwordsettings set --min-pwd-length=4
Minimum password length changed!
All changes applied successfully!
sudo samba-tool domain passwordsettings set --max-pwd-age=0
Maximum password age changed!
All changes applied successfully!
cat /etc/hosts
# Your system has configured 'manage_etc_hosts' as True.
# As a result, if you wish for changes to this file to persist
# then you will need to either
# a.) make changes to the master file in /etc/cloud/templates/hosts.debian.tmpl
# b.) change or remove the value of 'manage_etc_hosts' in
# /etc/cloud/cloud.cfg or cloud-config from user-data
#
127.0.1.1 raspberrypi raspberrypi
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
cat /etc/krb5.conf
[libdefaults]
default_realm = EXAMPLE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
EXAMPLE.LOCAL = {
default_domain = example.local
}
[domain_realm]
raspberrypi = EXAMPLE.LOCAL
cat /etc/resolv.conf
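cat: /etc/resolv.conf: No such file or directory
（注: 先に tee で書き込んだ nameserver 127.0.0.1 / search example.local が残っていない。/etc/resolv.conf が systemd-resolved 管理下へのシンボリックリンクだった可能性があるので要確認。DC は自分自身の DNS を参照できる状態にしておく）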
cat /etc/samba/smb.conf
# Global parameters
[global]
dns forwarder = 8.8.8.8
netbios name = RASPBERRYPI
realm = EXAMPLE.LOCAL
server role = active directory domain controller
workgroup = EXAMPLE
idmap_ldb:use rfc2307 = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/example.local/scripts
read only = No
ユーザ追加
sudo samba-tool user create <ユーザ名>
New Password:
Retype Password:
User '<ユーザ名>' added successfully
優先DNS: 192.168.2.154
ドメイン名: example
ユーザ名: Administrator
ユーザ名: ozaki