FreeBSD 10.2 SAMBA (AD Member Server)
Richardson Lima edited this page Sep 15, 2016
/etc/rc.conf:
ifconfig_em0="inet 192.168.0.254 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
freebsd-update fetch
freebsd-update install
/etc/sysctl.conf:
kern.maxfiles=25600
kern.maxfilesperproc=16384
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
pkg
" The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y "
pkg update
pkg search samba
"p5-Samba-LDAP-0.05_2 Manage a Samba PDC with an LDAP Backend
p5-Samba-SIDhelper-0.0.0_3 Create SIDs based on G/UIDs
samba-nsupdate-9.8.6_1 nsupdate utility with GSS-TSIG support
samba-virusfilter-0.1.3_1 On-access anti-virus filter for Samba
samba36-3.6.25_3 Free SMB and CIFS client and server for Unix
samba36-libsmbclient-3.6.25_2 Shared lib from the samba package
samba36-nmblookup-3.6.25 NetBIOS Name lookup tool
samba36-smbclient-3.6.25 Samba "ftp-like" client
samba42-4.2.14 Free SMB/CIFS and AD/DC server and client for Unix
samba43-4.3.11_1 Free SMB/CIFS and AD/DC server and client for Unix
samba44-4.4.5_1 Free SMB/CIFS and AD/DC server and client for Unix"
pkg install samba44
"The following 35 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
samba44: 4.4.5_1
python27: 2.7.12
libffi: 3.2.1
indexinfo: 0.2.4
gettext-runtime: 0.19.8.1
talloc: 2.1.6
python2: 2_3
libsunacl: 1.0
popt: 1.16_1
py27-iso8601: 0.1.11
py27-setuptools27: 20.0
py27-dnspython: 1.12.0
openldap-client: 2.4.44
tevent: 0.9.28
ldb: 1.1.26
tdb: 1.3.9,1
gnutls: 3.4.13
nettle: 3.2
gmp: 5.1.3_3
ca_root_nss: 3.26
libtasn1: 4.8
trousers: 0.3.13
tpm-emulator: 0.7.4_1
p11-kit: 0.23.2
libidn: 1.33_1
libinotify: 20160505
gamin: 0.1.10_8
glib: 2.46.2
libiconv: 1.14_9
perl5: 5.20.3_15
pcre: 8.39
libarchive: 3.2.1,1
expat: 2.1.1_2
lzo2: 2.09
liblz4: 131
Number of packages to be installed: 35
The process will require 295 MiB more space.
57 MiB to be downloaded.
Proceed with this action? [y/N]: y"
"===========================================================================
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:
bsddb databases/py-bsddb
gdbm databases/py-gdbm
sqlite3 databases/py-sqlite3
tkinter x11-toolkits/py-tkinter
===========================================================================
Message from ca_root_nss-3.26:
********************************* WARNING *********************************
FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.
Assessment and verification of trust is the complete responsibility of the
system administrator.
*********************************** NOTE **********************************
This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.
This enables SSL Certificate Verification by client software without manual
intervention.
If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.
* /etc/ssl/cert.pem
* /usr/local/etc/ssl/cert.pem
* /usr/local/openssl/cert.pem
***************************************************************************
Message from perl5-5.20.3_15:
The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:
#!/usr/local/bin/perl
or
#!/usr/bin/env perl
The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
Message from openldap-client-2.4.44:
************************************************************
The OpenLDAP client package has been successfully installed.
Edit
/usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.
Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.
************************************************************
Message from trousers-0.3.13:
To run tcsd automatically, add the following line to /etc/rc.conf:
tcsd_enable="YES"
You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.
If you want to use tcsd with software TPM emulator, use the following
configuration in /etc/rc.conf:
tcsd_enable="YES"
tcsd_mode="emulator"
tpmd_enable="YES"
To use TPM, add your_account to '_tss' group like following:
# pw groupadd _tss -m your_account
Message from libinotify-20160505:
============================================================================
Libinotify functionality on FreeBSD is missing support for
- detecting a file being moved into or out of a directory within the
same filesystem
- certain modifications to a symbolic link (rather than the
file it points to.)
in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.
This means the following regression tests will fail:
Directory notifications:
IN_MOVED_FROM
IN_MOVED_TO
Open/close notifications:
IN_OPEN
IN_CLOSE_NOWRITE
IN_CLOSE_WRITE
Symbolic Link notifications:
IN_DONT_FOLLOW
IN_ATTRIB
IN_MOVE_SELF
IN_DELETE_SELF
Kernel patches to address the missing directory and symbolic link
notifications are available from:
https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches
=============================================================================
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.
If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:
kern.maxfiles="25000"
=============================================================================
Message from gamin-0.1.10_8:
===============================================================================
Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.
If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).
For a typical desktop, add the following line to /boot/loader.conf, then
reboot the system:
kern.maxfiles="25000"
The behavior of gamin can be controlled via the various gaminrc files.
See http://www.gnome.org/~veillard/gamin/config.html on how to create
these files. In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:
# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10
===============================================================================
===> NOTICE:
The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:
https://bugs.freebsd.org/bugzilla
More information about port maintainership is available at:
https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from samba44-4.4.5_1:
===============================================================================
How to start: http://wiki.samba.org/index.php/Samba4/HOWTO
* Your configuration is: /usr/local/etc/smb4.conf
* All the relevant databases are under: /var/db/samba4
* All the logs are under: /var/log/samba4
* Provisioning script is: /usr/local/bin/samba-tool
For additional documentation check: http://wiki.samba.org/index.php/Samba4
Bug reports should go to the: https://bugzilla.samba.org/
==============================================================================="
/etc/krb5.conf:
[libdefaults]
default_realm = DOMAIN01.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yes
/etc/nsswitch.conf:
group: files winbind
passwd: files winbind
/usr/local/etc/smb4.conf:
[global]
workgroup = DOMAIN01
server string = Samba FreeBSD Server Version %v
security = ads
realm = DOMAIN01.LOCAL
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
use sendfile = true
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config DOMAIN01 : backend = rid
idmap config DOMAIN01 : range = 10000-99999
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
restrict anonymous = 2
log file = /var/log/samba4/log.%m
max log size = 50
#============================ Share Definitions ==============================
[Stage-Area-01]
comment = Stage Area 01 Share
path = /samba/stagearea01
read only = no
force group = "admins. do dom\303\255nio"
directory mask = 0770
force directory mode = 0770
create mask = 0660
force create mode = 0660
net ads join -U administrador
net ads testjoin
# Should report "Join is OK"
echo "winbindd_enable=YES" >> /etc/rc.conf
echo "samba_server_enable=YES" >> /etc/rc.conf
service winbindd_server start
service samba_server start
wbinfo -u
# Should return domain users
wbinfo -g
# Should return domain groups
getent passwd
# Should return domain users at the end of the list with 10000+ UIDs
getent group
# Should return domain groups at the end of the list with 10000+ GIDs
mkdir -p /samba/stagearea01
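# sh and csh do not expand \303\255 (UTF-8 for "í") inside double quotes, so printf decodes the group name
chown "administrador:`printf 'admins. do dom\303\255nio'`" /samba/stagearea01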
chmod 0770 /samba/stagearea01
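The getent checks above expect domain accounts at 10000 and up because idmap_rid, with its default base_rid of 0, adds each account's RID to the low end of the DOMAIN01 range. The script below is an added example, not part of the original page: it parses the idmap ranges from this smb4.conf, confirms they do not overlap, computes the ID a given RID maps to, and labels accounts by owning range. The function names and the sample getent lines are constructed for illustration.

```shell
# Added example, not from the original page. All sample data is constructed.
SAMPLE_CONF='idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config DOMAIN01 : backend = rid
idmap config DOMAIN01 : range = 10000-99999'
SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/csh
administrador:*:10500:10513:Administrador:/home/DOMAIN01/administrador:/bin/false
maria:*:11104:10513:Maria:/home/DOMAIN01/maria:/bin/false'

# Print "domain low high" for each "idmap config <domain> : range = low-high" line.
idmap_ranges() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*idmap config .*:[ \t]*range[ \t]*=/ {
            dom = $0; sub(/^[ \t]*idmap config[ \t]+/, "", dom); sub(/[ \t]*:.*/, "", dom)
            rng = $0; sub(/.*=[ \t]*/, "", rng); split(rng, r, /[ \t]*-[ \t]*/)
            print dom, r[1] + 0, r[2] + 0
        }'
}

# Exit 0 when no two ranges overlap; otherwise print each clashing pair and exit 1.
ranges_disjoint() {
    idmap_ranges "$1" | awk '
        { d[NR] = $1; lo[NR] = $2 + 0; hi[NR] = $3 + 0 }
        END { for (i = 1; i <= NR; i++) for (j = i + 1; j <= NR; j++)
                  if (lo[i] <= hi[j] && lo[j] <= hi[i]) { print d[i], "overlaps", d[j]; bad = 1 }
              exit bad + 0 }'
}

# idmap_rid, default base_rid 0: ID = RID + low end of range; fails past the high end.
rid_to_id() {   # usage: rid_to_id <conf> <domain> <rid>
    idmap_ranges "$1" | awk -v dom="$2" -v rid="$3" '
        $1 == dom { id = $2 + rid; if (id <= $3) { print id; found = 1 } }
        END { exit !found }'
}

# Name the idmap range that owns a UID/GID, or "local" when none does.
owner_of_id() {   # usage: owner_of_id <conf> <id>
    idmap_ranges "$1" | awk -v id="$2" '
        id + 0 >= $2 && id + 0 <= $3 { print $1; found = 1 }
        END { if (!found) print "local" }'
}

# Label every account in the sample "getent passwd" output with its range.
report() {
    printf '%s\n' "$SAMPLE_PASSWD" | while IFS=: read -r name pw uid rest; do
        printf '%s uid=%s range=%s\n' "$name" "$uid" "$(owner_of_id "$SAMPLE_CONF" "$uid")"
    done
}
report
```

On a joined server, pass the contents of /usr/local/etc/smb4.conf as the conf argument and feed owner_of_id the UIDs and GIDs that getent returns. An account that shows up in the "*" range instead of DOMAIN01 was allocated by the tdb fallback and not derived from its RID.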