# Samba DC apt-get install task-samba-dc chrony -y control chrony server systemctl enable --now chronyd for service in smb nmb krb5kdc slapd bind; do systemctl disable $service; systemctl stop $service; done hostnamectl set-hostname dc.test.alt domainname test.alt echo name_servers=127.0.0.1 >> /etc/resolvconf.conf echo search_domains=test.alt >> /etc/resolvconf.conf resolvconf -u rm -f /etc/samba/smb.conf rm -rf /var/lib/samba rm -rf /var/cache/samba mkdir -p /var/lib/samba/sysvol samba-tool domain provision --realm=test.alt --domain=test --adminpass='KatIrina1' --dns-backend=SAMBA_INTERNAL --option="dns forwarder=77.88.8.8" --server-role=dc --use-rfc2307 systemctl enable --now samba cp /var/lib/samba/private/krb5.conf /etc/krb5.conf samba-tool domain info 127.0.0.1 --password=KatIrina1 smbclient -L localhost -Uadministrator kinit administrator klist samba-tool user create ivanov 'KatIrina1' --given-name='Иван Иванов' --mail-address='ivanov@test.alt' samba-tool user setexpiry ivanov --noexpiry ########### # NFS сервер - этап 1 echo name_servers=10.1.4.10 >> /etc/resolvconf.conf echo search_domains=test.alt >> /etc/resolvconf.conf resolvconf -u hostnamectl set-hostname nas.test.alt apt-get install task-auth-ad-sssd -y system-auth write ad test.alt nas test 'administrator' 'KatIrina1' reboot ########### # DNS samba-tool dns zonecreate 127.0.0.1 4.1.10.in-addr.arpa -Uadministrator --password=KatIrina1 samba-tool dns add 127.0.0.1 4.1.10.in-addr.arpa 10 PTR dc.test.alt -Uadministrator --password=KatIrina1 samba-tool dns add 127.0.0.1 4.1.10.in-addr.arpa 12 PTR ws.test.alt -Uadministrator --password=KatIrina1 samba-tool dns add 127.0.0.1 4.1.10.in-addr.arpa 11 PTR nas.test.alt -Uadministrator --password=KatIrina1 ########### # NFS сервер - этап 2 apt-get install nfs-server -y systemctl enable --now nfs-server vim /etc/idmapd.conf [General] Domain = test.alt Local-Realms = TEST.ALT [Translation] Method = nsswitch,static GSS-Methods = nsswitch,static mkdir -p /share/nfs_share/testdir chgrp 'Domain Users' /share/nfs_share/ chmod g+w /share/nfs_share/ echo "/share/nfs_share/ *(rw,sync,no_subtree_check,sec=krb5:krb5i:krb5p)" > /etc/exports exportfs -vra kinit administrator@TEST.ALT adcli update --service-name=nfs systemctl restart nfs-server ########### # NFS Client echo name_servers=10.1.4.10 >> /etc/resolvconf.conf echo search_domains=test.alt >> /etc/resolvconf.conf resolvconf -u hostnamectl set-hostname ws.test.alt apt-get install task-auth-ad-sssd -y system-auth write ad test.alt ws test 'administrator' 'KatIrina1' reboot systemctl enable --now nfs-client.target mkdir /mnt/nfs mount.nfs4 -vvv -o sec=krb5:krb5i:krb5p,rw nas.test.alt://share/nfs_share/ /mnt/nfs/