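While setting up a test/development environment recently for a project that integrates with MS Active Directory Server, I discovered by accident that Samba4 already provides complete AD functionality. The features Samba4 provides are listed below:
Samba 4: Linux Active Directory Server already includes: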
- support of the 'Active Directory' logon and administration protocols
- new 'full coverage' testsuites
- full NTFS semantics for sharing backends
- Internal LDAP server, with AD semantics
- Internal Kerberos server, including PAC support
- fully asynchronous internals
- flexible process models
- better scalability from micro to very large installations
- new RPC infrastructure (PIDL)
- flexible database architecture (LDB)
- embedded scripting language (ejs)
- generic security subsystem (GENSEC)
- over 50% auto-generated code!
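There are two ways to install AD:
A. Download the source code, then compile and install it manually (the method in the official documentation); see the following tutorial
—> Extending the AD Schema on Samba4 - Part 2 <— how to add an AD user
B. Install from the yum repo provided by Sernet
Why doesn't upstream provide a yum installation method yet? See this article: Samba AD DC in Fedora and RHEL
As Fedora and RHEL are using MIT Kerberos implementation as its Kerberos infrastructure of choice, the Samba Active Directory Domain Controller implementation is not available with MIT Kerberos at the moment. But we are working on it!
So at present only Sernet has packaged the manually built version so that it can be installed with yum. To use their repo you must register first; they then give you an account and password for accessing the repo.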
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (rhel-7)
type=rpm-md
baseurl=https://account:password@download.sernet.de/packages/samba/4.1/rhel/7/
gpgcheck=1
gpgkey=https://account:password@download.sernet.de/packages/samba/4.1/rhel/7/repodata/repomd.xml.key
enabled=1
Just add this config under /etc/yum.repos.d/ and Samba4 can be installed easily.
1. The SerNet build key - install an RPM package:
wget http://ftp.sernet.de/pub/sernet-build-key-1.1-4.noarch.rpm
rpm -i sernet-build-key-1.1-4.noarch.rpm
2. Install
yum install -y sernet-samba-ad sernet-samba
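The .repo file above carries the repo account and password inside its URLs, so its file mode matters as much as gpgcheck does. The following added example (not from the original post or from SerNet) audits a .repo file for both; the function names, finding codes and the [example-weak] section are made up for this illustration, and it assumes GNU stat and awk.

```shell
#!/bin/bash
# Audit a yum .repo file. Finding codes are names made up for this example:
#   NOGPG    section does not set gpgcheck=1
#   PLAINURL baseurl/gpgkey is fetched over http://
#   CREDMODE a URL embeds user:password and the file is group/world accessible
audit_repo() {
    local file=$1 mode
    mode=$(stat -c '%a' "$file") || return 2   # GNU stat, e.g. 644
    awk -v mode="$mode" '
        function endsec() { if (sec != "" && gpg != "1") print "NOGPG " sec }
        /^\[.*\]$/     { endsec(); sec = $0; gpg = ""; next }
        /^[ \t]*(#|$)/ { next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (key == "gpgcheck") gpg = val
            if ((key == "baseurl" || key == "gpgkey") && val ~ "^http://")
                print "PLAINURL " sec " " key
            if (val ~ "^[a-z]+://[^/@]+:[^/@]+@" && mode !~ /00$/)
                print "CREDMODE " sec " " key
        }
        END { endsec() }
    ' "$file"
}

# Constructed sample: a trimmed copy of the SerNet section from the post,
# plus a deliberately weak section that exists only for this example.
make_sample() {
    cat > "$1" <<'EOF'
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (rhel-7)
baseurl=https://account:password@download.sernet.de/packages/samba/4.1/rhel/7/
gpgcheck=1
enabled=1

[example-weak]
baseurl=http://repo.example.invalid/el7/
gpgcheck=0
EOF
    chmod 644 "$1"
}

sample=$(mktemp)
make_sample "$sample"
audit_repo "$sample"   # 0644: the repo credentials are readable by every local user
chmod 600 "$sample"
audit_repo "$sample"   # the CREDMODE finding is gone, the weak section remains
rm -f "$sample"
```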
To bring up the Samba AD domain, you can use the following command:
sudo samba-tool domain provision --realm=LAB.HOWIE.TW --domain=HOWIE --adminpass=HowieP@ssw0rd --server-role=dc