Create SAMBA Domain: Difference between revisions
No edit summary |
No edit summary |
| Line 14: | Line 14: | ||
3a. join WINDOWS 7 machine to domain | 3a. join WINDOWS 7 machine to domain | ||
Change | Change (Both Keys do not exist on a fresh install) | ||
HKLM\System\CCS\Services\LanmanWorkstation\Parameters | HKLM\System\CCS\Services\LanmanWorkstation\Parameters | ||
DWORD DomainCompatibilityMode = 1 | DWORD DomainCompatibilityMode = 1 | ||
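Review bot: the parenthetical added on the "Change" line says "Both Keys", but the entries are DWORD values under the Parameters key, and only DomainCompatibilityMode is visible in this hunk. Name both values in the note and say they have to be created. The path also uses the shorthand CCS, which is not a literal registry path; spelling out CurrentControlSet would let readers paste it.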
| Line 23: | Line 23: | ||
TODO: check why join domain twice | TODO: check why join domain twice | ||
----> smbldap-tools Version 0.9.8 required. 0.9.4-r1 doesn't have the -W flag. | |||
CREATING Domain Users: | CREATING Domain Users: | ||
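Review bot: the added line says 0.9.4-r1 lacks the -W flag but does not say which smbldap-tools command takes -W or which step depends on it, and none of the surrounding lines shows a command that uses it. Name the command and the step. The leading "----" also renders as a horizontal rule in wiki markup and leaves a stray ">" in front of the sentence, so a plain "Note:" prefix would read better.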
Revision as of 3 August 2012, 23:14
1. Create a Domain Administrator Account on Domain Server
smbldap-useradd -a -c "Domain Administrator" -d /home/domadmin -g 512 -m -s /bin/bash -H [UHX] -N "Domain Administrator" -P domadmin
2. Grant user domadmin Domain joining rights
net rpc rights grant domadmin SeMachineAccountPrivilege -U domadmin
3. Join XP machine to domain
Control Panel -> System -> Network Identification -> enter the domain name, then enter user/pass for domadmin
Must be done twice: the 1st attempt fails with the error "Benutzername konnte nicht gefunden werden", the 2nd time it works.
3a. Join Windows 7 machine to domain
Change the following (both keys do not exist on a fresh install and must be created):
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
(Takes effect immediately, no restart required.)
As in step 3, the join must be done twice.
TODO: check why join domain twice
Note: smbldap-tools version 0.9.8 required. 0.9.4-r1 doesn't have the -W flag.
CREATING Domain Users:
4. Grant user domadmin user modification rights
net rpc rights grant domadmin SeAddUsersPrivilege -U domadmin
5. Log on to the domain as domuser
6. Add a user to the domain
net user donald test /add /domain
(The add user script in this case was: /usr/sbin/smbldap-useradd -B 1 -m "%u")
TODO: check samba's Domain Users Group membership
TODO: check why -B 1 doesn't work (change password on 1st logon)
7. Log on as the new user
TODO: check why with ldapsam:trusted machine accounts still won't get their credentials
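A check for the grants in steps 2 and 4, as an added example that is not part of the original page: it reads a rights listing and reports which accounts hold SeMachineAccountPrivilege and SeAddUsersPrivilege. The function names, the EXAMPLE domain and the sample listing are constructed. The input layout (blank-line-separated blocks, account first, one privilege per line) and the policy that only domadmin should hold these rights are assumptions.

```shell
#!/bin/sh
# Added example: report who holds the two privileges granted in steps 2 and 4.
# Assumed input format: blank-line-separated blocks, account name on the first
# line, then one privilege per line (or "No privileges assigned").

# audit_rights EXPECTED_ACCOUNT  (listing on stdin)
# Prints "OK|UNEXPECTED <account> <privilege>" or "MISSING <expected> <privilege>".
audit_rights() {
    awk -v expected="$1" '
    BEGIN {
        watch["SeMachineAccountPrivilege"] = 1
        watch["SeAddUsersPrivilege"] = 1
    }
    { sub(/\r$/, "") }                      # tolerate CRLF input
    /^[ \t]*$/    { account = ""; next }    # blank line closes a block
    account == "" { account = $0; next }    # first line of a block is the account
    ($1 in watch) {
        name = account
        sub(/^.*\\/, "", name)              # drop the domain prefix
        if (tolower(name) == tolower(expected)) {
            print "OK " account " " $1
            seen[$1] = 1
        } else {
            print "UNEXPECTED " account " " $1
        }
    }
    END {
        for (p in watch)
            if (!(p in seen)) print "MISSING " expected " " p
    }' | LC_ALL=C sort
}

# Constructed sample listing (EXAMPLE is a placeholder domain name).
sample_listing() {
    cat <<'EOF'
BUILTIN\Administrators
No privileges assigned

EXAMPLE\domadmin
SeMachineAccountPrivilege

EXAMPLE\donald
SeAddUsersPrivilege
EOF
}

sample_listing | audit_rights domadmin
```

On the domain server the listing would come from `net rpc rights list accounts -U domadmin` piped into `audit_rights domadmin`.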