
Samba4 einrichten

Status: Ungelöst | Ubuntu-Version: Ubuntu 12.04 (Precise Pangolin)

archondis

Anmeldungsdatum:
2. August 2012

Beiträge: 313

Guten morgen,

nach einigen Tagen und Nächten habe ich nun eine kleine Doku zusammengefasst, wie man einen Samba4 auf einem Ubuntu 12 LTS einrichtet. Diese kleine Anleitung habe ich zweimal getestet, und sie lief auf Anhieb.

Die Installation führte ich auf einem Proxmox VE2 aus, das Image wurde in raw erstellt, da ich mit qcow2 Probleme hatte. Mittels einer Bridge auf dem Proxmox hatte ich ein eigenes Netzwerk.

auto vmbr1
iface vmbr1 inet static
    address 192.168.0.254
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE

Die Installation vom Server "minimal mit OpenSSH". Hier installiere ich mehr Pakete, als ich benötige, da ich später noch bind9 kompilieren möchte. Einige Skripte habe ich aus vielen Dokus und Foren zusammengetragen und hoffe, es könnte eine kleine Hilfe für einige sein.

Nun los!

Basic Ubuntu Server / OpenSSH Server

// /etc/resolvconf/resolv.conf.d/base
search domino.santes
nameserver 192.168.0.1
// /etc/hosts
127.0.0.1       localhost
192.168.0.1     samba.domino.santes       samba
// /etc/resolv.conf
nameserver 192.168.0.1
search domino.santes
// /etc/network/interfaces
dns-nameservers 192.168.0.1
dns-search domino.santes
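# Build dependencies for compiling Samba 4 (and, later, bind9) from source.
# A continued line has to end in a backslash with nothing after it. The
# listing used "/" instead, which apt-get reads as one more package name while
# the following lines are run as separate commands.
apt-get install libncurses5-dev build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev \
  libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils \
  libbsd-dev attr docbook-xsl libcups2-dev acl vim bison fakeroot libkrb5-dev libssl-dev \
  libtool libdb-dev libcap2-dev hardening-wrapper debhelper libxml2-dev libgeoip-dev dpkg-dev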
// ACL
vi /etc/fstab
UUID=09c7d3e7-705c-4075-9a42-fcaffd1c9474 /     ext4    errors=remount-ro,acl,user_xattr     0       1

// Neu Mounten
mount -o remount,rw /
// KERBEROS
apt-get install krb5-user

REALM=DOMINO.SANTES
Server= samba
Server= samba
###########  INSTALL SAMBA
# Build Samba 4.0.3 from the upstream source tarball. This listing is a
# transcript: the "root@samba:...#" lines are shell prompts that show the
# working directory, and the unpack/cd steps between them are not shown.
mkdir /usr/src/samba

# NOTE(review): wget is given no URL scheme, so the tarball is fetched over
# plain HTTP, and it is then built and installed as root. Check it against the
# detached GPG signature that samba.org publishes for each release before
# running configure.
wget www.samba.org/samba/ftp/stable/samba-4.0.3.tar.gz

root@samba:/usr/src/samba/samba-4.0.3#
# Configure, compile and install in one chain; each step runs only if the
# previous one succeeded.
./configure --enable-selftest && make && make install

# Remove the build tree once the install is done.
root@samba:/usr/src# rm -r samba/

cd /
//  Den Systempfad anpassen
echo 'export PATH=$PATH:/usr/local/samba/bin:/usr/local/samba/sbin' >> ~/.bashrc

// neu einlesen der .bashrc
source ~/.bashrc

Sollte bereits eine smb.conf vorhanden sein, diese löschen! Suchen mit: find / -name smb.conf

#========= SAMBA-TOOL
root@samba:/# samba-tool domain provision
Realm [DOMINO.SANTES]: DOMINO.SANTES
Domain [DOMINO]: DOMINO
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
DNS forwarder IP address (write 'none' to disable forwarding) [external-dns]: external-dns
Administrator password:
Retype password:
rm /etc/krb5.conf
ln -s /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf

// /etc/krb5.conf

[libdefaults]
        default_realm = DOMINO.SANTES
        dns_lookup_realm = false
        dns_lookup_kdc = true
smbd -b | grep PRIVATE_DIR
PRIVATE_DIR: /usr/local/samba/private

smbd -b | grep LOCKDIR
LOCKDIR: /usr/local/samba/var/lock
touch /etc/init.d/samba && chmod 755 /etc/init.d/samba
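#!/bin/sh
#http://pastebin.com/index/Ka9rwPZS
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
# Usage: /etc/init.d/samba {start|stop|restart|force-reload}
# Exits 0 without doing anything when the daemon binary or smb.conf is missing.

SAMBA_DAEMON=/usr/local/samba/sbin/samba
SAMBA_CONF=/usr/local/samba/etc/smb.conf
SAMBAPID=/usr/local/samba/var/run/samba.pid

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemon and the config file are there. The check names the files
# themselves; testing only the sbin/ and etc/ directories would also pass on a
# partly removed install, and the start action would then fail later.
if [ ! -x "$SAMBA_DAEMON" ] || [ ! -r "$SAMBA_CONF" ]; then
        exit 0
fi

. /lib/lsb/init-functions

case "$1" in
        start)
                log_daemon_msg "Starting Samba 4 daemon" "samba"

                if ! start-stop-daemon --start --quiet --oknodo --exec "$SAMBA_DAEMON" -- -D; then
                        log_end_msg 1
                        exit 1
                fi

                log_end_msg 0
                ;;
        stop)
                log_daemon_msg "Stopping Samba 4 daemon" "samba"

                # NOTE(review): the PID file is handed over as a bare argument,
                # not with --pidfile, so the processes to stop are selected by
                # --name only. Confirm that this is intended.
                start-stop-daemon --stop --quiet --name samba "$SAMBAPID"
                # Wait a little and remove stale PID file
                sleep 1
                if [ -f "$SAMBAPID" ] && ! ps h "$(cat "$SAMBAPID")" > /dev/null
                then
                        # Stale PID file (samba was successfully stopped),
                        # remove it (should be removed by samba itself IMHO.)
                        rm -f "$SAMBAPID"
                fi

                # The result of start-stop-daemon is not checked; stop always
                # reports success.
                log_end_msg 0

                ;;
        restart|force-reload)
                # Re-run this script for each half, with a pause in between.
                "$0" stop
                sleep 1
                "$0" start
                ;;
        *)
                echo "Usage: /etc/init.d/samba {start|stop|restart|force-reload}"
                exit 1
                ;;
esac

exit 0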
killall samba

// Samba mittels Script neu starten

/etc/init.d# ./samba restart
 * Stopping Samba 4 daemon samba        [ OK ]
 * Starting Samba 4 daemon samba          [ OK ]
ps aux | grep samba

/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/smbd --option=server role check:inhibit=yes --foreground
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/samba -D
/usr/local/samba/sbin/smbd --option=server role check:inhibit=yes --foreground
grep --color=auto samba
root@samba:/etc/init.d# kinit Administrator
Password for Administrator@DOMINO.SANTES:
Warning: Your password will expire in 41 days on Tue Apr 16 11:01:14 2013
root@samba:/etc/init.d# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@DOMINO.SANTES

Valid starting       Expires              Service principal
05.03.2013 10:04:14  05.03.2013 20:04:14  krbtgt/DOMINO.SANTES@DOMINO.SANTES
 renew until 06.03.2013 10:04:09, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
nslookup -type=srv _kerberos._tcp.domino.santes.
dig server.domino.santes +short
dig -t srv _kerberos._tcp.domino.santes +short
dig -t srv _ldap._tcp.domino.santes +short
nslookup samba.domino.santes
smbclient //samba/netlogon -U Administrator
smbclient -U Administrator -L samba.domino.santes
smbclient -L samba.domino.santes -N
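# Connectivity checks against the new domain controller. The -U calls prompt
# for the Administrator password; -L lists the shares of the named server.
smbclient //samba/netlogon -U Administrator
smbclient -L samba -U Administrator
smbclient -U Administrator -L samba.domino.santes
# -N sends no password. If this listing succeeds, the server answers share
# enumeration for unauthenticated sessions.
smbclient -L samba.domino.santes -N


# Inspect the effective configuration. -v also prints parameters left at their
# defaults, -s skips the "press enter" prompt.
testparm -v | grep -Ei "prot|sec"
testparm -v | grep auth
testparm 2>&1 | grep role
testparm -v |grep printer
testparm -sv | grep resolve
testparm -sv | grep workgroup
testparm -sv | grep wins

# Directory and DNS health checks.
samba-tool drs showrepl
samba-tool domain provision -h |more
samba_dnsupdate --verbose
samba-tool dbcheck
samba-tool dbcheck --cross-ncs
# Options need two ASCII hyphens; a typographic dash is not parsed as an option.
samba-tool dbcheck --reindex
samba-tool dbcheck -v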

Hier ein Backupskript! NICHT GETESTET

#!/bin/sh
#
# Copyright (C) Matthieu Patou <mat@matws.net> 2010-2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

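# samba_backup [provisiondir] [destinationdir]
#
# Archives the "private" and "sysvol" directories found below provisiondir
# into bzip2-compressed tarballs in destinationdir. The LDB databases in
# private/ are first copied with tdbbackup and only the *.ldb.bak copies are
# archived. Exits 1 on the first failing step.

# Default source; overridden by the first argument when it names a directory.
# NOTE(review): the install on this page lives under /usr/local/samba, so the
# provision directory has to be passed explicitly there - verify before use.
FROMWHERE=/var/lib/samba
# Default destination; overridden by the second argument when it names a
# directory.
# NOTE(review): a directory below /tmp can be pre-created by any local user,
# who then controls what the archive names point to. Pass a root-only
# directory as the second argument for real backups.
WHERE=/tmp/samba_testbackup

# The archives contain private/ (the AD database and its secret keys), so
# create them readable by the invoking user only.
umask 077

if [ "$1" = "-h" ] || [ "$1" = "--usage" ]; then
	echo "samba_backup [provisiondir] [destinationdir]"
	echo "Will backup your provision located in provisiondir to archive stored in destinationdir"
	echo "Default provisiondir: $FROMWHERE"
	echo "Default destinationdir: $WHERE"
	exit 0
fi

# An argument that is not an existing directory is ignored and the default is
# kept.
[ -n "$1" ] && [ -d "$1" ] && FROMWHERE=$1
[ -n "$2" ] && [ -d "$2" ] && WHERE=$2

DIRS="private sysvol"
#Number of days to keep the backup
DAYS=90
WHEN=$(date +%d%m%y)

if [ ! -d "$WHERE" ]; then
	echo "Missing backup directorty $WHERE" >&2
	exit 1
fi

if [ ! -d "$FROMWHERE" ]; then
	echo "Missing or wrong provision directorty $FROMWHERE" >&2
	exit 1
fi

# Everything below works on relative paths, so a failed cd must stop the
# script before any find ... -exec rm runs in the wrong place.
cd "$FROMWHERE" || exit 1
for d in $DIRS; do
	relativedirname=$(find . -type d -name "$d" -prune)
	# With an empty result the find calls below would fall back to the whole
	# current directory.
	if [ -z "$relativedirname" ]; then
		echo "Missing directory $d under $FROMWHERE" >&2
		exit 1
	fi
	n=$(echo "$d" | sed 's/\//_/g')
	# $relativedirname stays unquoted on purpose: find may print more than one
	# path. Paths containing whitespace are not supported.
	if [ "$d" = "private" ]; then
		# Drop copies left over from an earlier run.
		find $relativedirname -name "*.ldb.bak" -exec rm {} \;
		for ldb in $(find $relativedirname -name "*.ldb"); do
			if ! tdbbackup "$ldb"; then
				echo "Error while backuping $ldb" >&2
				exit 1
			fi
		done
		# Archive the .bak copies instead of the live databases. The exclude
		# pattern is quoted so the shell cannot expand it and is placed before
		# the path it applies to.
		if ! tar cjf "${WHERE}/samba4_${n}.${WHEN}.tar.bz2" --exclude='*.ldb' $relativedirname >/dev/null 2>&1; then
			echo "Error while archiving ${WHERE}/samba4_${n}.${WHEN}.tar.bz2" >&2
			exit 1
		fi
		find $relativedirname -name "*.ldb.bak" -exec rm {} \;
	else
		if ! tar cjf "${WHERE}/${n}.${WHEN}.tar.bz2" $relativedirname >/dev/null 2>&1; then
			echo "Error while archiving ${WHERE}/${n}.${WHEN}.tar.bz2" >&2
			exit 1
		fi
	fi
done

# Remove archives older than $DAYS days. Only names starting with "samba4_"
# match, so the sysvol archives written above are not pruned here.
find "$WHERE" -name "samba4_*bz2" -mtime +"$DAYS" -exec rm  {} \; >/dev/null 2>&1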

Dieses Skript hatte ich auf dem SerNet-Samba am Laufen

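#!/bin/sh
# Backup of the Samba directories (SerNet Samba 4 installed under /opt/samba).
#
# Stops Samba, copies the LDB databases with tdbbackup, archives etc/, sysvol
# and private/ with tar, starts Samba again and runs samba-tool dbcheck.
# The copies and archives hold the AD database and its keys; the backup
# directory should stay reachable only by root and, for the ldb copies, the
# s4admin group.

# Report a failed step, bring Samba back up and stop the backup.
fail() {
	echo "samba backup: $1" >&2
	/etc/init.d/sernet-samba4 start
	exit 1
}

# Stop Samba
/etc/init.d/sernet-samba4  stop
AKTUELLES_DATUM=$(date +%Y-%m-%d)
UHRZEIT=$(date +%H.%M.%S)
SICHERUNGS_VERZEICHNIS=/root/backupsamba/
LDB=ldb-private
LDBS=sam-ldb-d
LDB_ZIEL=$SICHERUNGS_VERZEICHNIS/$LDB-$AKTUELLES_DATUM-$UHRZEIT
LDBS_ZIEL=$SICHERUNGS_VERZEICHNIS/$LDBS-$AKTUELLES_DATUM-$UHRZEIT

# Create the target directories
mkdir "$LDB_ZIEL" || fail "cannot create $LDB_ZIEL"
mkdir "$LDBS_ZIEL" || fail "cannot create $LDBS_ZIEL"

# Back up the ldb databases. Every cd is checked: the commands after it use
# "*" and would otherwise act on whatever directory the script is still in.
cd /opt/samba/private || fail "cannot enter /opt/samba/private"
tdbbackup *.ldb || fail "tdbbackup failed in /opt/samba/private"
mv *.ldb.bak "$LDB_ZIEL" || fail "cannot move the copies to $LDB_ZIEL"
# The group is changed by path, so only the moved copies are touched.
chgrp s4admin "$LDB_ZIEL"/* || fail "chgrp failed in $LDB_ZIEL"

cd /opt/samba/private/sam.ldb.d || fail "cannot enter /opt/samba/private/sam.ldb.d"
tdbbackup *.ldb || fail "tdbbackup failed in /opt/samba/private/sam.ldb.d"
mv *.ldb.bak "$LDBS_ZIEL" || fail "cannot move the copies to $LDBS_ZIEL"
chgrp s4admin "$LDBS_ZIEL"/* || fail "chgrp failed in $LDBS_ZIEL"

## Backup etc
# find skips sockets and directories and hands tar a NUL-separated file list.
cd /opt/samba/ || fail "cannot enter /opt/samba"
find etc ! -type s ! -type d -print0 | tar cfv "/root/backupsamba/backup-etc-$(date +%d.%m.%y-%R).tar" --null -T -
## Backup sysvol
cd /opt/samba/var/locks || fail "cannot enter /opt/samba/var/locks"
find sysvol ! -type s ! -type d -print0 | tar cfv "/root/backupsamba/backup-sysvol-$(date +%d.%m.%y-%R).tar" --null -T -


## Backup private
cd /opt/samba || fail "cannot enter /opt/samba"
find private ! -type s ! -type d -print0 | tar cfv "/root/backupsamba/backup-private-$(date +%d.%m.%y-%R).tar" --null -T -

# Start Samba
/etc/init.d/sernet-samba4 start
/opt/samba/bin/samba-tool dbcheck --cross-ncs
# The option needs two ASCII hyphens; the listing had a typographic dash here.
/opt/samba/bin/samba-tool dbcheck --reindex
/opt/samba/bin/samba-tool dbcheck -v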
 

liebe grüsse

Moderiert von redknight:

Ins richtige am wenigsten falsche Forum verschoben und Titel angepasst.
