Tuesday, June 16, 2020

Find and delete files on a Linux server

How to find and delete files on a Linux server. Replace <PATTERN> with the file name or glob to match:

# find /data/001/ -name "<PATTERN>" -delete



1. Find Files Using Name in Current Directory

# find . -name tecmint.txt

./tecmint.txt
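
Added example (not from the original post): a small shell wrapper that lists the matches first and deletes only when asked. It guards against two easy mistakes with -delete: a missing -name pattern, and -delete placed ahead of the tests, which removes everything under the directory. The function names and the sample tree are constructed for illustration.

```shell
# Added example; find_delete and make_sample_tree are illustrative names.
# Usage: find_delete DIR PATTERN [--apply]
#   without --apply: only list what would be removed (dry run)
#   with --apply:    list and remove the matching regular files
find_delete() {
    dir=$1 pattern=$2 mode=${3:-}
    # An empty pattern, or one that looks like an option (for example
    # "-delete" swallowed as the argument of -name), is rejected.
    if [ -z "$dir" ] || [ -z "$pattern" ]; then
        echo "usage: find_delete DIR PATTERN [--apply]" >&2; return 2
    fi
    case $pattern in
        -*) echo "pattern looks like an option: $pattern" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # find evaluates its expression left to right, so the tests must come
    # before the action. -type f keeps directories out, -xdev stays on one
    # filesystem.
    if [ "$mode" = "--apply" ]; then
        find "$dir" -xdev -type f -name "$pattern" -print -delete
    else
        find "$dir" -xdev -type f -name "$pattern" -print
    fi
}

# Constructed sample tree for trying the function without touching real data.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sub" "$t/dir.tmp"
    : > "$t/a.tmp"; : > "$t/sub/b.tmp"; : > "$t/keep.txt"
    echo "$t"
}
```

Run it once without --apply, read the list, then repeat the same call with --apply.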








Wednesday, June 10, 2020

How to install Linux AD controller samba4 on Debian 10


Fix for Windows XP not creating a user profile on the AD server: Samba 4 and later does not support SMBv1, only SMBv2 and up.

Add this to the [global] section of /etc/samba/smb.conf (it allows NTLMv1 authentication):
---------------
[global]
.
.
ntlm auth = ntlmv1-permitted
---------------

systemctl restart samba-ad-dc
systemctl status samba-ad-dc
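
Added example (not from the original post): a shell check that reads the effective "ntlm auth" value from the [global] section of an smb.conf-style file and flags it when NTLMv1 is accepted, so the setting above can be found again once the Windows XP clients are gone. The function names and sample files are constructed; the fallback value assumes the Samba 4.7+ default of ntlmv2-only, and "include" files are not followed.

```shell
# Added example; function names and sample files are illustrative.
# Print the effective "ntlm auth" value of the [global] section.
ntlm_auth_value() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global {
            eq = index($0, "="); if (!eq) next
            # Samba ignores case and spaces in parameter names
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1))
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "ntlmauth") found = val  # last assignment wins
        }
        # assumed default (Samba 4.7+) when the parameter is not set
        END { print (found == "" ? "ntlmv2-only" : found) }
    ' "$1"
}

# Return 1 and report when NTLMv1 is accepted, 0 otherwise.
audit_ntlm() {
    v=$(ntlm_auth_value "$1") || return 2
    case $v in
        ntlmv1-permitted|yes)
            echo "WEAK: ntlm auth = $v (NTLMv1 accepted)"; return 1 ;;
        *)  echo "ok: ntlm auth = $v"; return 0 ;;
    esac
}

# Constructed sample configs: "weak" mirrors the setting above,
# anything else leaves the parameter unset.
sample_conf() {
    f=$(mktemp) || return 1
    if [ "$1" = weak ]; then
        printf '%s\n' '[Global]' '   workgroup = AD' \
            '   # ntlm auth = disabled' '   NTLM Auth = ntlmv1-permitted' \
            '[profiles]' '   ntlm auth = disabled' > "$f"
    else
        printf '%s\n' '[global]' '   workgroup = AD' > "$f"
    fi
    echo "$f"
}
```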

Add an AD user with a profile path

samba-tool user add user01 --profile-path='\\IP\Profiles\user01'

Or change it through Active Directory on Windows


GPO commands
Apply the group policy now:
gpupdate /force

Display the applied policy result:
gpresult /r


How to set up additional failover replication AD with Debian 10.03

1. Set up the IP address and host name
vim /etc/network/interfaces
iface ens192 inet static
address 172.16.x.78/24
gateway 172.16.x.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 172.16.x.77 172.16.x.67 172.16.x.68
dns-search ad.domain.com

vim /etc/hosts
127.0.0.1 localhost
172.16.x.77 dc1.ad.domain.com dc1
172.16.x.78 dc2.ad.domain.com dc2

vim /etc/resolv.conf 
search ad.domain.com
nameserver 172.16.x.77
nameserver 172.16.x.67
nameserver 172.16.x.68

Reboot system

ping dc1.ad.domain.com
ping dc2.ad.domain.com

2. Install the packages
apt install samba attr dnsutils net-tools smbclient krb5-user krb5-config winbind libpam-winbind libnss-winbind libpam-krb5

Disable the legacy Samba daemons
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind

Move or delete the default smb.conf file
mv /etc/samba/smb.conf /etc/samba/smb.conf.org

Configure Kerberos to use the existing Active Directory. Copy krb5.conf from the primary domain:
scp root@ad.domain.com:/etc/krb5.conf /etc

Then get a Kerberos ticket for the Active Directory.
kinit administrator
Warning: Your password will expire in 40 days on Mon 01 Feb 2021 02:29:25 PM +07
klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@AD.DOMAIN.COM

2. Run the samba-tool command to join the realm, using an account with administrative privileges on your domain
#samba-tool domain join ad.domain.com DC -U"administrator"
Finding a writeable DC for domain 'ad.domain.com'
Found DC dc1.ad.domain.com
Password for [WORKGROUP\adminstrator]:

3. Add these settings to the Samba configuration file
vim /etc/samba/smb.conf

        # IP address of the DNS server
        dns forwarder = 172.16.x.67
        idmap_ldb:use rfc2307 = yes
.
.
        template shell = /bin/bash
        winbind use default domain = true
        winbind offline logon = false
        winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes

4. Enable samba service
        systemctl restart samba-ad-dc.service 
        systemctl status samba-ad-dc.service
        systemctl enable samba-ad-dc.service

5. Check replication. The warning "No NC replicated for Connection!" can be ignored.
#samba-tool drs showrepl
Warning: No NC replicated for Connection!

6. Create a symlink for krb5.conf
        mv /etc/krb5.conf /etc/krb5.conf.initial
        ln -s /var/lib/samba/private/krb5.conf /etc/
Test Kerberos
# kinit administrator
Password for administrator@AD.DOMAIN.COM:
Warning: Your password will expire in 40 days on Mon 01 Feb 2021 02:29:25 PM +07
# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@AD.DOMAIN.COM

7. Finally, test by creating an AD user on dc2.ad.domain.com
root@dc2:~# samba-tool user add 5712016

8. Check that the user appears on dc1.ad.domain.com
root@dc1:~# samba-tool user list
Unknown parameter encountered: "profile acls"
Ignoring unknown parameter "profile acls"
uservista
5712016

9. Fix for a failed Debian-to-Debian domain join
root@proxy01:~# realm join -U administrator@dc1.ad.domain.com AD.DOMAIN.COM --verbose
 * Resolving: _ldap._tcp.ad.domain.com
 * Resolving: ad.domain.com
 * Performing LDAP DSE lookup on: 172.16.9.77
 * Successfully discovered: ad.domain.com
Password for administrator@ad.domain.com: 
 * Unconditionally checking packages
 * Resolving required packages
 ! PackageKit not available: The name org.freedesktop.PackageKit was not provided by any .service files
 ! Necessary packages are not installed: sssd-tools sssd libnss-sss libpam-sss adcli
realm: Couldn't join realm: Necessary packages are not installed: sssd-tools sssd libnss-sss libpam-sss adcli

msktutil --auto-update --verbose -k /etc/squid/proxy.keytab --computer-name proxy01

Fix by installing the packagekit package:
apt install packagekit



BASIC USER MANAGEMENT
# sudo su

Display domain users list
 root@smb:~# samba-tool user list

Add a domain user
 root@smb:~# samba-tool user create ubuntu

Delete a domain user
 root@smb:~# samba-tool user delete ubuntu

Reset password for a user
 root@smb:~# samba-tool user setpassword ubuntu

Set expiry for a user
 root@smb:~# samba-tool user setexpiry ubuntu --days=7

Disable/Enable user account
 root@smb:~# samba-tool user disable ubuntu

Display domain groups list
 root@smb:~# samba-tool group list

Display members in a group
 root@smb:~# samba-tool group listmembers "Domain Users"

Add a domain group
 root@smb:~# samba-tool group add ServerWorld

Delete a domain group
 root@smb:~# samba-tool group delete ServerWorld

Add a member to a domain group
 root@smb:~# samba-tool group addmembers ServerWorld ubuntu

Remove members from group ServerWorld
 root@smb:~# samba-tool group removemembers ServerWorld ubuntu

Change Domain User Password
# sudo smbpasswd -a username
 [sudo] password for admin: 
 New SMB password:
 Retype new SMB password:
