Server 2008_R2 supported 100000 users and computers, 100 DC in domain tested
IN LXC YOU MUST USE PRIVILEGED CONTAINER AND DNS may be 127.0.0.1 in the end!
Insert AD name ad.corp.janforman.com
sudo vi /etc/hostname sudo vi /etc/hosts
etc/cloud.cfg
preserve_hostname: true
sudo apt-get install samba krb5-user krb5-config winbind smbclient libpam-winbind libnss-winbind wsdd
wsdd2 conflicts with SMBD!
Kerberos Realm: CORP.JANFORMAN.COM Kerberos servers for your realm: ad.corp.janforman.com Administrative server for your Kerberos realm: ad.corp.janforman.com
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original sudo samba-tool domain provision --use-rfc2307 --interactive
sudo mkdir /etc/systemd/resolved.conf.d/
/etc/systemd/resolved.conf.d/custom.conf
[Resolve] DNSStubListener=no Domains=corp.janforman.com DNS=127.0.0.1
sudo systemctl restart systemd-resolved
or simply disable that service
add to smb.conf global section
dns forwarder = 172.24.16.254
[libdefaults] default_realm = CORP.JANFORMAN.COM dns_lookup_realm = false dns_lookup_kdc = false [realms] CORP.JANFORMAN.COM = { kdc = ad.corp.janforman.com admin_server = ad.corp.janforman.com default_domain = corp.janforman.com } [domain_realm] ad = CORP.JANFORMAN.COM
sudo mv /etc/krb5.conf /etc/krb5.conf.original sudo cp /var/lib/samba/private/krb5.conf /etc/ sudo systemctl disable --now smbd nmbd winbind sudo systemctl unmask samba-ad-dc sudo systemctl enable --now samba-ad-dc wsdd
/etc/default/wsdd
WSDD_PARAMS="-w CORP"
sudo samba-tool domain level show smbclient -L localhost -N kinit administrator klist
sudo rm -f /etc/resolv.conf && sudo vi /etc/resolv.conf nameserver 127.0.0.1 domain corp.janforman.com
Samba version 4.15.13-Ubuntu PID Username Group Machine Protocol Version Encryption Signing ---------------------------------------------------------------------------------------------------------------------------------------- 1526 root users 172.24.16.123 (ipv4:172.24.16.123:50210) SMB3_11 - partial(AES-128-CMAC) Service pid Machine Connected at Encryption Signing --------------------------------------------------------------------------------------------- public 1526 172.24.16.123 Wed Jun 21 09:31:07 PM 2023 UTC - AES-128-CMAC Locked files: Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 1526 0 DENY_NONE 0x100081 RDONLY NONE /mnt . Wed Jun 21 21:31:11 2023 1526 0 DENY_NONE 0x100081 RDONLY NONE /mnt . Wed Jun 21 21:31:11 2023 1526 0 DENY_NONE 0x100081 RDONLY NONE /mnt . Wed Jun 21 21:31:09 2023
nmap --script smb-protocols 192.168.101.0/24 nmap -sS -sV -sC 192.168.101.0/24
yum install samba samba-client samba-common
systemctl enable smb.service systemctl enable nmb.service systemctl restart smb.service systemctl restart nmb.service
[global] workgroup = WINDOWS server string = Samba Server Version %v netbios name = SAMBA log level = 1 log file = /var/log/samba/log.%m max log size = 50 security = user local master = no os level = 33 preferred master = no wins support = no #====== connect to existing wins or enable wins support wins server = 172.24.16.254 wins proxy = yes #====== dns proxy = yes map to guest = bad user username map = /etc/samba/smbusers use sendfile = 1 deadtime = 10 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #====== Share Definitions [public] comment = Public path = /storage/public public = yes writable = yes printable = no guest ok = yes
smbpasswd -a <linuxuser>
/etc/samba/smbusers
linuxuser = sambaname
/etc/fstab
//172.24.16.20/backup_oracle /backup_oracle cifs _netdev,rw,username=USER,password=PASSWORD,file_mode=0640,dir_mode=0750,uid=oracle,gid=oinstall 0 0
mount -o vers=1.0 //x.x.x.x/share /mnt/samba