
Building an Active Directory Service domain controller on a minimal CentOS 7.1 install

Time: 2016-08-16 18:39  Source: collected from the web  Author: linux系统

Time: 2015-04-22 11:54  Source: blog.51cto.com  Author: "IT虾米Paul Yang"

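Lab platform

Second-generation i3, 8 GB RAM, 64-bit Windows 7, with VirtualBox 4.3.26 installed. A CentOS 7.1 virtual machine was created and the system was installed from the mounted minimal ISO.

The 7 GB CentOS Everything DVD was also downloaded in advance, so that dependency packages can be installed from it without going online for yum.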

 

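I. Minimal installation of CentOS 7.1 (process omitted).

II. Log in to the CentOS 7.1 system and install the dependencies. I like to install software from the downloaded CentOS DVD; it is faster than the network.

1. To connect to the virtual machine over SSH from the Windows 7 system with PuTTY or similar software, configure a fixed IP and enable SSH. I connected to the virtual machine with SecureCRT; for networking I chose one adapter bridged to the host NIC with a dynamic IP and one on a host-only network, with the IP range set to 192.168.6.*.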

Last login: Thu Apr 16 04:20:06 2015 from 192.168.6.1

2. Mount the Everything DVD
[root@localhost ~]# mount /dev/cdrom /mnt 
mount: /dev/sr0 is write-protected, mounting read-only

3. Go into the /etc/yum.repos.d/ directory and rename the repo files in bulk to back them up

[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# find . -type f |xargs -i mv {} {}.bkp
[root@localhost yum.repos.d]# ls
CentOS-Base.repo.bkp  CentOS-Debuginfo.repo.bkp  CentOS-Sources.repo.bkp
CentOS-CR.repo.bkp    CentOS-fasttrack.repo.bkp  CentOS-Vault.repo.bkp

4. Create a new DVD installation source with an editor.
[root@localhost yum.repos.d]# vi CentOS-Media.repo
[c7-media]
name=CentOS-$releasever- Media
baseurl=file:///mnt
gpgcheck=0
enabled=1
                                                                                                 
"CentOS-Media.repo" 5L, 83C written

5. Install "development tools" from the DVD

[root@localhost yum.repos.d]# yum groupinstall "development tools"

(installation output omitted)

 

6. Install some dependencies

[root@localhost samba-4.2.1]# yum -y install libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gdb bind rsyslog-gssapi cyrus-sasl-gssapi

 

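A few more RPM packages I installed with the rpm command later, after the build reported errors; they can also be installed in one go with the yum command above.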

[root@localhost samba-4.2.1]# rpm -ivh /mnt/Packages/python-devel-2.7.5-16.el7.x86_64.rpm 
warning: /mnt/Packages/python-devel-2.7.5-16.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
        package python-devel-2.7.5-16.el7.x86_64 is already installed
[root@localhost samba-4.2.1]# rpm -ivh /mnt/Packages/cyrus-sasl-2.1.26-17.el7.x86_64.rpm 
warning: /mnt/Packages/cyrus-sasl-2.1.26-17.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:cyrus-sasl-2.1.26-17.el7         ################################# [100%]
[root@localhost samba-4.2.1]# rpm -ivh /mnt/Packages/cyrus-sasl-devel-2.1.26-17.el7.x86_64.rpm 
warning: /mnt/Packages/cyrus-sasl-devel-2.1.26-17.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:cyrus-sasl-devel-2.1.26-17.el7   ################################# [100%]
[root@localhost samba-4.2.1]# rpm -ivh /mnt/Packages/openldap-devel-2.4.39-6.el7.x86_64.rpm          
warning: /mnt/Packages/openldap-devel-2.4.39-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-devel-2.4.39-6.el7      ################################# [100%]
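The media repo in step 4 sets gpgcheck=0, and the rpm -ivh runs above print NOKEY because the CentOS signing key was never imported, so none of these packages had their signatures verified. As an added example, not part of the original post: a shell function (audit_repo is a hypothetical name) that flags enabled repo sections with signature checking turned off, run on a constructed sample that puts the step 4 section beside a corrected one; the gpgkey path assumes the key file CentOS 7 ships under /etc/pki/rpm-gpg/.

```shell
#!/bin/sh
# Added example (not from the original post): report enabled yum repo
# sections that skip package signature checks, as "<file>:<section>:<finding>".
# A section with no gpgcheck line inherits [main] in /etc/yum.conf; not flagged.
audit_repo() {
    awk '
        function report() {
            if (sect == "" || enabled ~ /^(0|no|false)$/) return
            if (gpgcheck ~ /^(0|no|false)$/) {
                print file ":" sect ":gpgcheck-off"; bad = 1
            } else if (gpgcheck != "" && gpgkey == "") {
                # Check is on but no key is named: the key must already be in the rpm db.
                print file ":" sect ":no-gpgkey"; bad = 1
            }
        }
        FNR == 1 { report(); sect = "" }            # new file closes the last section
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                    # [section] header
            report()
            sect = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sect)
            file = FILENAME; enabled = "1"; gpgcheck = ""; gpgkey = ""
            next
        }
        /=/ {                                       # key=value line
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled  = tolower(val)
            if (key == "gpgcheck") gpgcheck = tolower(val)
            if (key == "gpgkey")   gpgkey   = val
        }
        END { report(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: the step 4 section, then a corrected one (assumed name).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[c7-media]
baseurl=file:///mnt
gpgcheck=0
enabled=1
[c7-media-checked]
baseurl=file:///mnt
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF
audit_repo "$sample" || echo "findings above need fixing before installing from these repos"
rm -f "$sample"
```

On the host itself, run it as audit_repo /etc/yum.repos.d/*.repo; rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 loads the key so that rpm -ivh no longer reports NOKEY.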

 

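III. Download and build Samba

7. Download the Samba 4.2.1 source tarball and upload it to the /tmp directory with SECUREFXP; wget was really too slow.

8. Now go into the /tmp directory and unpack it, ready to build samba 4.2.1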

[root@localhost ~]# cd /tmp
[root@localhost tmp]# ls
ks-script-BL7c5a  samba-latest.tar.gz  yum.log
[root@localhost tmp]# tar -xvf samba-latest.tar.gz
[root@localhost tmp]# ls
ks-script-BL7c5a  samba-4.2.1  samba-latest.tar.gz  yum.log
[root@localhost tmp]# cd samba-4.2.1/

Before building, run autogen-waf.sh in the buildtools/scripts/ directory

[root@localhost samba-4.2.1]# cd buildtools/scripts/
[root@localhost scripts]# ./autogen-waf.sh 

Setting up for waf build
Looking for the buildtools directory
Found buildtools in ./../../buildtools
Setting up configure
Setting up Makefile
done. Now run ./configure or ./configure.developer then make.

 

Go back to the unpacked directory and start configuring the samba build

[root@localhost scripts]# cd /tmp/samba-4.2.1/
[root@localhost samba-4.2.1]# ./configure

(configure output omitted......)
'configure' finished successfully (1m8.178s)

 

The configure step is complete at this point.

9. Run make and install

[root@localhost samba-4.2.1]# make && make install

(installation output omitted......)
Waf: Leaving directory `/tmp/samba-4.2.1/bin'
'install' finished successfully (3m22.415s)

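This completes the build and installation of samba 4.2.1 from source.

10. Change the hostname to DC1 and write it as the full FQDN; the benefit is that the domain name does not have to be typed when the host is promoted to a domain controller in a moment.

[root@localhost samba-4.2.1]# vi /etc/hostname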
DC1.contoso.com

 

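IV. Promote to domain controller

11. The virtual machine can be shut down here to take a snapshot; then start it, log in, and begin promoting this Linux host to a domain controller.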

 

[root@DC1 ~]# cd /usr/local/samba/bin 

 

[root@DC1 bin]# ./samba-tool domain provision
Realm [CONTOSO.COM]:
Domain [CONTOSO]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_FLATFILE  # BIND9 is chosen as the DNS backend here; Samba's built-in DNS can be installed instead.
Administrator password: (enter the domain controller administrator password; it must be complex, upper- and lower-case letters plus digits, e.g. Ab123456&)
Retype password: (enter Ab123456& again)
Looking up IPv4 addresses
More than one IPv4 address found. Using 192.168.6.3
Looking up IPv6 address
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=contoso,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=contoso,DC=com
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
See /usr/local/samba/private/named.conf for an example configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              DC1
NetBIOS Domain:        CONTOSO
DNS Domain:            contoso.com
DOMAIN SID:            S-1-5-21-3366851103-1622988557-2824442447
[root@DC1 bin]#

 

 

The configuration counts as successful only if the DOMAIN SID appears.
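The success criterion above, a DOMAIN SID line in the output, can be checked mechanically on a saved copy of the provision output. An added example, not from the original post: check_provision is a hypothetical helper name, it also reports the rndc message seen in this run, and the sample input is constructed from the tail of the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): read captured
# "samba-tool domain provision" output on stdin and decide whether
# provisioning finished. Exit status 0 only when a domain SID was reported.
check_provision() {
    awk '
        # Summary lines are "Key:   value"; drop the key and the padding.
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        /^Server Role:/  { role = val($0) }
        /^Hostname:/     { host = val($0) }
        /^DNS Domain:/   { dns  = val($0) }
        /^DOMAIN SID:/   { sid  = val($0) }
        /^rndc: neither/ { rndc = 1 }
        END {
            if (sid !~ /^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$/) {
                print "FAIL: no valid DOMAIN SID in output"; exit 1
            }
            if (role != "active directory domain controller") {
                print "FAIL: unexpected server role: " role; exit 1
            }
            print "OK: " host "." dns " " sid
            if (rndc) print "WARN: rndc has no rndc.conf/rndc.key; BIND side still needs configuring"
        }
    '
}

# Constructed sample: tail of the provision output shown above.
check_provision <<'EOF' || echo "provisioning did not complete"
Creating CN=MicrosoftDNS,CN=System,DC=contoso,DC=com
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
Server Role:           active directory domain controller
Hostname:              DC1
NetBIOS Domain:        CONTOSO
DNS Domain:            contoso.com
DOMAIN SID:            S-1-5-21-3366851103-1622988557-2824442447
EOF
```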


Start samba
[root@DC1 bin]# /usr/local/samba/sbin/samba

Check the version

[root@DC1 bin]# /usr/local/samba/bin/smbclient --version
Version 4.2.1



Test

[root@DC1 bin]# /usr/local/samba/bin/smbclient -L localhost -U%
Domain=[CONTOSO] OS=[Unix] Server=[Samba 4.2.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.2.1)
Domain=[CONTOSO] OS=[Unix] Server=[Samba 4.2.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

[root@DC1 bin]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator
Enter administrator's password:
Domain=[CONTOSO] OS=[Unix] Server=[Samba 4.2.1]
smb: \> q
[root@DC1 bin]#

 

Check BIND

[root@DC1 bin]# rpm -qa|grep bind
bind-libs-lite-9.9.4-18.el7.x86_64
bind-license-9.9.4-18.el7.noarch
bind-libs-9.9.4-18.el7.x86_64
bind-9.9.4-18.el7.x86_64
