Debian Jessie – Samba 4 Administration
SAMBA 4:
Prerequisites for installing Samba 4:
- Install the dependencies:
apt-get update && apt-get upgrade
apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls28-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr acl krb5-user docbook-xsl libcups2-dev libpam0g-dev ntpdate ntp -y
- Download the latest release:
wget http://ftp.samba.org/pub/samba/samba-latest.tar.gz
- Extract and compile the sources:
tar zxvf samba-latest.tar.gz
cd samba-*/ # the archive unpacks into a versioned samba-x.y.z directory
./configure --enable-debug --enable-selftest
make && make install
Add the Samba binaries to $PATH:
echo 'export PATH="$PATH:/usr/local/samba/bin/"' >> ~/.bashrc
Note: This lets you run the Samba binaries directly, without typing the /usr/local/samba/bin/ prefix.
samba-tool features:
samba-tool --help
Main samba administration tool.
Options:
-h, --help show this help message and exit
Version Options:
-V, --version Display version number
Available subcommands:
dbcheck - Check local AD database for errors.
delegation - Delegation management.
dns - Domain Name Service (DNS) management.
domain - Domain management.
drs - Directory Replication Services (DRS) management.
dsacl - DS ACLs manipulation.
fsmo - Flexible Single Master Operations (FSMO) roles management.
gpo - Group Policy Object (GPO) management.
group - Group management.
ldapcmp - Compare two ldap databases.
ntacl - NT ACLs manipulation.
processes - List processes (to aid debugging on systems without setproctitle).
rodc - Read-Only Domain Controller (RODC) management.
sites - Sites management.
spn - Service Principal Name (SPN) management.
testparm - Syntax check the configuration file.
time - Retrieve the time on a server.
user - User management.
vampire - Join and synchronise a remote AD domain to the local server.
List the users:
- UNIX (reading /etc/shadow requires root; its second field holds each account's password hash):
cat /etc/shadow
root:$6$ZCx1JZdVyVec1Peg85/lXgp6XpvU6BDRmS6n66XLvky2zKZQJCkrjTKDjeNc0:16729:0:99999:7:::
bin:*:16489:0:99999:7:::
...
nginx:!!:16693::::::
ntp:!!:16693::::::
postgres:!!:16701::::::
- SAMBA:
samba-tool user list
Administrator
krbtgt
maxime
Guest
test
Show the A records from the dns_update_cache file (the unanchored grep A pattern also lets the CNAME line through):
cat /usr/local/samba/private/dns_update_cache | grep A
A srv1.sadmba.lan 10.151.50.160
A sadmba.lan 10.151.50.160
CNAME 993fef58-4712-4742-8d45-14cdf32d303c._msdcs.sadmba.lan srv1.sadmba.lan
A gc._msdcs.sadmba.lan 10.151.50.160
A DomainDnsZones.sadmba.lan 10.151.50.160
A ForestDnsZones.sadmba.lan 10.151.50.160
Show the role of the Active Directory (AD) server:
samba-tool testparm
# Global parameters
[global]
workgroup = SADMBA
realm = SADMBA.LAN
netbios name = SRV1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/sadmba.lan/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[FICHIERS]
path = /usr/local/samba/var/locks/sysvol/sadmba.lan/FICHIERS
read only = No
Show the FSMO roles of the AD server:
samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sadmba,DC=lan
List the GPOs applied to a user:
samba-tool gpo list administrator
GPOs for user administrator
Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
Show the domain password policy:
samba-tool domain passwordsettings show
Password informations for domain 'DC=sadmba,DC=lan'
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
List the groups:
samba-tool group list
Read-Only Domain Controllers
Administrators
Domain Computers
Domain Users
...
DnsAdmins
Guests
Users
Debian Jessie:
Show the server's hardware:
lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled) (rev 03)
00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 01)
00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02)
00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA
lshw
hyperv.fedora.desktop.batouche
description: Desktop Computer
product: Virtual Machine
vendor: Microsoft Corporation
version: 7.0
serial: 5328-2515-4488-0565-7163-2132-29
width: 64 bits
capabilities: smbios-2.3 dmi-2.3 vsyscall32
configuration: boot=normal chassis=desktop uuid=40266E7B-80A6-8344-A50A-8B39F004FF71
*-core
description: Motherboard
product: Virtual Machine
vendor: Microsoft Corporation
physical id: 0
version: 7.0
serial: 5328-2515-4488-0565-7163-2132-29
*-firmware
description: BIOS
vendor: American Megatrends Inc.
physical id: 0
version: 090006
date: 05/23/2012
size: 64KiB
capacity: 192KiB
capabilities: isa pci pnp upgrade shadowing escd cdboot bootselect socketedrom edd int13floppy360 int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer int10video agp ls120boot zipboot biosbootspecification
*-cpu:0
description: CPU
product: Core i5 (None)
vendor: Intel Corp.
physical id: 5
bus info: cpu@0
version: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
serial: None
slot: None
size: 2500MHz
capacity: 2700MHz
width: 64 bits
clock: 100MHz
capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx x86-64 constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch fsgsbase bmi1 avx2 smep bmi2 erms rdseed adx smap xsaveopt
*-memory
description: System Memory
physical id: 51
size: 2GiB
*-bank:0
product: None
vendor: Microsoft
physical id: 0
serial: None
slot: M0
size: 2GiB
*-pci
description: Host bridge
product: 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled)
vendor: Intel Corporation
physical id: 100
bus info: pci@0000:00:00.0
version: 03
width: 32 bits
clock: 33MHz
*-isa
description: ISA bridge
product: 82371AB/EB/MB PIIX4 ISA
vendor: Intel Corporation
physical id: 7
bus info: pci@0000:00:07.0
version: 01
width: 32 bits
clock: 33MHz
capabilities: isa bus_master
configuration: latency=0
*-ide
description: IDE interface
product: 82371AB/EB/MB PIIX4 IDE
vendor: Intel Corporation
physical id: 7.1
bus info: pci@0000:00:07.1
version: 01
width: 32 bits
clock: 33MHz
capabilities: ide bus_master
configuration: driver=ata_piix latency=0
resources: irq:0 ioport:1f0(size=8) ioport:3f6 ioport:170(size=8) ioport:376 ioport:ffa0(size=16)
*-bridge UNCLAIMED
description: Bridge
product: 82371AB/EB/MB PIIX4 ACPI
vendor: Intel Corporation
physical id: 7.3
bus info: pci@0000:00:07.3
version: 02
width: 32 bits
clock: 33MHz
capabilities: bridge
configuration: latency=0
*-display
description: VGA compatible controller
product: Hyper-V virtual VGA
vendor: Microsoft Corporation
physical id: 8
bus info: pci@0000:00:08.0
version: 00
width: 32 bits
clock: 33MHz
capabilities: vga_controller bus_master rom
configuration: driver=hyperv_fb latency=0
resources: irq:11 memory:f8000000-fbffffff
*-scsi:0
physical id: 1
logical name: scsi1
capabilities: emulated
*-cdrom
description: DVD reader
physical id: 0.0.0
bus info: scsi@1:0.0.0
logical name: /dev/cdrom
logical name: /dev/sr0
capabilities: audio dvd
configuration: status=nodisc
*-scsi:1
physical id: 2
logical name: scsi2
*-disk
description: SCSI Disk
physical id: 0.0.0
bus info: scsi@2:0.0.0
logical name: /dev/sda
size: 127GiB (136GB)
capabilities: partitioned partitioned:dos
configuration: logicalsectorsize=512 sectorsize=4096 signature=12827019
*-volume:0
description: EXT4 volume
vendor: Linux
physical id: 1
bus info: scsi@2:0.0.0,1
logical name: /dev/sda1
logical name: /boot
version: 1.0
serial: 136d61ec-fd77-4eec-ae3c-548ffa5cc289
size: 500MiB
capacity: 500MiB
capabilities: primary bootable journaled extended_attributes huge_files dir_nlink extents ext4 ext2 initialized
configuration: created=2015-09-15 21:23:28 filesystem=ext4 lastmountpoint=/boot modified=2015-11-12 17:11:57 mount.fstype=ext4 mount.options=rw,relatime,stripe=4,data=ordered mounted=2015-11-12 11:13:40 state=mounted
*-volume:1
description: Linux LVM Physical Volume partition
physical id: 2
bus info: scsi@2:0.0.0,2
logical name: /dev/sda2
serial: xc24X8-srg4-XM9H-Uhjc-58jN-62ys-1eigHv
size: 126GiB
capacity: 126GiB
capabilities: primary multi lvm2
*-network:1
description: Ethernet interface
physical id: 2
logical name: eth0
serial: 00:15:5d:25:01:04
capabilities: ethernet physical
configuration: broadcast=yes driver=hv_netvsc firmware=N/A ip=10.151.50.158 link=yes multicast=yes
Flush the DNS cache:
Note: The nscd service is not installed by default on Debian 8.
apt-get install nscd # install the package
systemctl restart nscd # restart the service
Show physical resource usage:
- With top:
top
top - 13:43:16 up 22:09, 4 users, load average: 0,00, 0,03, 0,05
Tasks: 117 total, 1 running, 116 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0,0 us, 0,0 sy, 0,0 ni,100,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem: 2058364 total, 604836 used, 1453528 free, 53012 buffers
KiB Swap: 392188 total, 0 used, 392188 free. 239168 cached Mem
- With htop:
apt-get install htop
htop
- And with glances:
apt-get install glances
glances