Debian Jessie – Administration Samba4

Debian Jessie – Administration Samba4

SAMBA 4 :

Prérequis pour l’installation de Samba 4 :

  • Installation des dépendances :
Prérequis samba 4
apt-get update && apt-get upgrade
apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls28-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr acl krb5-user docbook-xsl libcups2-dev libpam0g-dev ntpdate ntp -y

 

  •  Téléchargement de la dernière release :
wget
wget http://ftp.samba.org/pub/samba/samba-latest.tar.gz
  •  Décompression et Compilation des sources :
make && make install
tar zxvf samba-latest.tar.gz
cd samba-latest
./configure --enable-debug --enable-selftest
make && make install

 

Ajouter les binaires Samba dans $PATH :

Modification .bashrc
echo "export PATH='\$PATH:/usr/local/samba/bin/" >>  ~/.bashrc 

Information : Permet de saisir directement les binaires samba sans passer par /usr/local/samba/bin/

Les fonctionnalités de samba-tool :

samba-tool --help
samba-tool --help
Main samba administration tool.

Options:
  -h, --help       show this help message and exit

  Version Options:
    -V, --version  Display version number

Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
  vampire     - Join and synchronise a remote AD domain to the local server.

 

 

Afficher la liste des utilisateurs :

  • UNIX :

 

cat /etc/shadow
cat /etc/shadow
root:$6$ZCx1JZdVyVec1Peg85/lXgp6XpvU6BDRmS6n66XLvky2zKZQJCkrjTKDjeNc0:16729:0:99999:7:::
bin:*:16489:0:99999:7:::
...
nginx:!!:16693::::::
ntp:!!:16693::::::
postgres:!!:16701::::::

 

 

  • SAMBA :
samba-tool user list
$: samba-tool user list
Administrator
krbtgt
maxime
Guest
test

 

Afficher les enregistrements de type A depuis le fichier dns_update_cache :

cat /usr/local/samba/private
cat /usr/local/samba/private/dns_update_cache | grep A
A srv1.sadmba.lan 10.151.50.160
A sadmba.lan 10.151.50.160
CNAME 993fef58-4712-4742-8d45-14cdf32d303c._msdcs.sadmba.lan srv1.sadmba.lan
A gc._msdcs.sadmba.lan 10.151.50.160
A DomainDnsZones.sadmba.lan 10.151.50.160
A ForestDnsZones.sadmba.lan 10.151.50.160

 

 

Afficher le rôle du serveur Active Directory (AD) :

samba-tool testparm
samba-tool testparm

# Global parameters
[global]
        workgroup = SADMBA
        realm = SADMBA.LAN
        netbios name = SRV1
        server role = active directory domain controller
        dns forwarder = 8.8.8.8
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/sadmba.lan/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[FICHIERS]
        path = /usr/local/samba/var/locks/sysvol/sadmba.lan/FICHIERS
        read only = No

 

 

Afficher les rôles FSMO du serveur AD :

samba-tool fsmo show
samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan

 

 

Afficher la liste des GPO d’un utilisateur :

samba-tool gpo list administrator
samba-tool gpo list administrator
GPOs for user administrator
    Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}

 

 

Afficher la politique de mot de passe du domaine :

samba-tool domain passwordsettings show
samba-tool domain passwordsettings show
Password informations for domain 'DC=sadmba,DC=lan'

Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30

 

 

Afficher la liste des groupes :

samba-tool group list
samba-tool group list
Read-Only Domain Controllers
Administrators
Domain Computers
Domain Users
...
DnsAdmins
Guests
Users

 

 Debian Jessie :

Afficher l’architecture matériel du serveur :

lspci
lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled) (rev 03)
00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 01)
00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02)
00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA

 

 

lshw
lshw
hyperv.fedora.desktop.batouche
    description: Desktop Computer
    product: Virtual Machine
    vendor: Microsoft Corporation
    version: 7.0
    serial: 5328-2515-4488-0565-7163-2132-29
    width: 64 bits
    capabilities: smbios-2.3 dmi-2.3 vsyscall32
    configuration: boot=normal chassis=desktop uuid=40266E7B-80A6-8344-A50A-8B39F004FF71
  *-core
       description: Motherboard
       product: Virtual Machine
       vendor: Microsoft Corporation
       physical id: 0
       version: 7.0
       serial: 5328-2515-4488-0565-7163-2132-29
     *-firmware
          description: BIOS
          vendor: American Megatrends Inc.
          physical id: 0
          version: 090006
          date: 05/23/2012
          size: 64KiB
          capacity: 192KiB
          capabilities: isa pci pnp upgrade shadowing escd cdboot bootselect socketedrom edd int13floppy360 int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer int10video agp ls120boot zipboot biosbootspecification
     *-cpu:0
          description: CPU
          product: Core i5 (None)
          vendor: Intel Corp.
          physical id: 5
          bus info: cpu@0
          version: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
          serial: None
          slot: None
          size: 2500MHz
          capacity: 2700MHz
          width: 64 bits
          clock: 100MHz
capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx x86-64 constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch fsgsbase bmi1 avx2 smep bmi2 erms rdseed adx smap xsaveopt
     *-memory
          description: System Memory
          physical id: 51
          size: 2GiB
        *-bank:0
             product: None
             vendor: Microsoft
             physical id: 0
             serial: None
             slot: M0
             size: 2GiB
        
     *-pci
          description: Host bridge
          product: 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled)
          vendor: Intel Corporation
          physical id: 100
          bus info: pci@0000:00:00.0
          version: 03
          width: 32 bits
          clock: 33MHz
        *-isa
             description: ISA bridge
             product: 82371AB/EB/MB PIIX4 ISA
             vendor: Intel Corporation
             physical id: 7
             bus info: pci@0000:00:07.0
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: isa bus_master
             configuration: latency=0
        *-ide
             description: IDE interface
             product: 82371AB/EB/MB PIIX4 IDE
             vendor: Intel Corporation
             physical id: 7.1
             bus info: pci@0000:00:07.1
             version: 01
             width: 32 bits
             clock: 33MHz
             capabilities: ide bus_master
             configuration: driver=ata_piix latency=0
             resources: irq:0 ioport:1f0(size=8) ioport:3f6 ioport:170(size=8) ioport:376 ioport:ffa0(size=16)
        *-bridge UNCLAIMED
             description: Bridge
             product: 82371AB/EB/MB PIIX4 ACPI
             vendor: Intel Corporation
             physical id: 7.3
             bus info: pci@0000:00:07.3
             version: 02
             width: 32 bits
             clock: 33MHz
             capabilities: bridge
             configuration: latency=0
        *-display
             description: VGA compatible controller
             product: Hyper-V virtual VGA
             vendor: Microsoft Corporation
             physical id: 8
             bus info: pci@0000:00:08.0
             version: 00
             width: 32 bits
             clock: 33MHz
             capabilities: vga_controller bus_master rom
             configuration: driver=hyperv_fb latency=0
             resources: irq:11 memory:f8000000-fbffffff
     *-scsi:0
          physical id: 1
          logical name: scsi1
          capabilities: emulated
        *-cdrom
             description: DVD reader
             physical id: 0.0.0
             bus info: scsi@1:0.0.0
             logical name: /dev/cdrom
             logical name: /dev/sr0
             capabilities: audio dvd
             configuration: status=nodisc
     *-scsi:1
          physical id: 2
          logical name: scsi2
        *-disk
             description: SCSI Disk
             physical id: 0.0.0
             bus info: scsi@2:0.0.0
             logical name: /dev/sda
             size: 127GiB (136GB)
             capabilities: partitioned partitioned:dos
             configuration: logicalsectorsize=512 sectorsize=4096 signature=12827019
           *-volume:0
                description: EXT4 volume
                vendor: Linux
                physical id: 1
                bus info: scsi@2:0.0.0,1
                logical name: /dev/sda1
                logical name: /boot
                version: 1.0
                serial: 136d61ec-fd77-4eec-ae3c-548ffa5cc289
                size: 500MiB
                capacity: 500MiB
                capabilities: primary bootable journaled extended_attributes huge_files dir_nlink extents ext4 ext2 initialized
                configuration: created=2015-09-15 21:23:28 filesystem=ext4 lastmountpoint=/boot modified=2015-11-12 17:11:57 mount.fstype=ext4 mount.options=rw,relatime,stripe=4,data=ordered mounted=2015-11-12 11:13:40 state=mounted
           *-volume:1
                description: Linux LVM Physical Volume partition
                physical id: 2
                bus info: scsi@2:0.0.0,2
                logical name: /dev/sda2
                serial: xc24X8-srg4-XM9H-Uhjc-58jN-62ys-1eigHv
                size: 126GiB
                capacity: 126GiB
                capabilities: primary multi lvm2
  *-network:1
       description: Ethernet interface
       physical id: 2
       logical name: eth0
       serial: 00:15:5d:25:01:04
       capabilities: ethernet physical
       configuration: broadcast=yes driver=hv_netvsc firmware=N/A ip=10.151.50.158 link=yes multicast=yes

 

 

Vider le cache DNS :

Information : Le service nscd n’est pas installé par défaut sur debian 8

systemctl restart nscd
apt-get install nscd #Installer le package
systemctl restart nscd #redémarrer le service

 

Afficher la consommation des ressources physiques :

  • Avec top :
top
top
top - 13:43:16 up 22:09,  4 users,  load average: 0,00, 0,03, 0,05
Tasks: 117 total,   1 running, 116 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0,0 us,  0,0 sy,  0,0 ni,100,0 id,  0,0 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem:   2058364 total,   604836 used,  1453528 free,    53012 buffers
KiB Swap:   392188 total,        0 used,   392188 free.   239168 cached Mem

 

  • Avec htop :
htop
apt-get install htop

 

samba4 htop debian jessie

 

  • et avec glances -> :
apt-get install glances
glances

 

glances debian jessie monitor

 

www.pdf24.org    Envoyer l'article en PDF   
Posted on: 13 novembre 2015maxbe