5月 23, 2015
GNU nano 2.2.6 File: /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
# Parameters can be specified after the module name.
snd-bcm2835
ipv6
GNU nano 2.2.6 File: /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
#iface eth0 inet manual
iface eth0 inet static
address 192.168.0.20
gateway 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
dns-nameservers 192.168.0.20 192.168.0.1
dns-search yamatomura.local
auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
auto wlan1
allow-hotplug wlan1
iface wlan1 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
GNU nano 2.2.6 File: /opt/samba/etc/smb.conf
# Global parameters
[global]
workgroup = YAMATOMURA
realm = YAMATOMURA.LOCAL
netbios name = RASPBERRY1
server role = active directory domain controller
dns forwarder = 192.168.0.1
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, brow$
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /opt/samba/var/locks/sysvol/yamatomura.local/scripts
read only = No
[sysvol]
path = /opt/samba/var/locks/sysvol
read only = No
GNU nano 2.2.6 File: /etc/hosts
127.0.0.1 localhost.yamatomura.local localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.0.20 raspberry1.yamatomura.local raspberry1
less /etc/init.d/samba-ad-dc
#! /bin/sh
### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
PIDDIR=/opt/samba/var/run
SAMBAPID=$PIDDIR/samba.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /opt/samba/sbin/samba -a -r /opt/samba/etc/smb.conf || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
SERVER_ROLE=`/opt/samba/bin//opt/samba/bin/samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
exit 0
fi
if init_is_upstart; then
exit 1
fi
# CVE-2013-4475
KEYFILE=/var/lib/samba/private/tls/key.pem
if [ -e $KEYFILE ]
then
KEYPERMS=`stat -c %a $KEYFILE`
if [ "$KEYPERMS" != "600" ]
then
echo "wrong permission on $KEYFILE, must be 600"
echo "samba will not start (CVE-2013-4475)"
echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
exit 1
fi
fi
log_daemon_msg "Starting Samba AD DC daemon" "samba"
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
if ! start-stop-daemon --start --quiet --oknodo --exec /opt/samba/sbin/samba -- -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
;;
stop)
if init_is_upstart; then
exit 0
fi
log_daemon_msg "Stopping Samba AD DC daemon" "samba"
start-stop-daemon --stop --quiet --pidfile $SAMBAPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
then
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
fi
log_end_msg 0
;;
restart|force-reload)
if init_is_upstart; then
exit 1
fi
$0 stop
sleep 1
$0 start
;;
status)
status_of_proc -p $SAMBAPID /opt/samba/sbin/samba samba
exit $?
;;
*)
echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0
### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
PIDDIR=/opt/samba/var/run
SAMBAPID=$PIDDIR/samba.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /opt/samba/sbin/samba -a -r /opt/samba/etc/smb.conf || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
SERVER_ROLE=`/opt/samba/bin//opt/samba/bin/samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
exit 0
fi
if init_is_upstart; then
exit 1
fi
# CVE-2013-4475
KEYFILE=/var/lib/samba/private/tls/key.pem
if [ -e $KEYFILE ]
then
KEYPERMS=`stat -c %a $KEYFILE`
if [ "$KEYPERMS" != "600" ]
then
echo "wrong permission on $KEYFILE, must be 600"
echo "samba will not start (CVE-2013-4475)"
echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
exit 1
fi
fi
log_daemon_msg "Starting Samba AD DC daemon" "samba"
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
if ! start-stop-daemon --start --quiet --oknodo --exec /opt/samba/sbin/samba -- -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
;;
stop)
if init_is_upstart; then
exit 0
fi
log_daemon_msg "Stopping Samba AD DC daemon" "samba"
start-stop-daemon --stop --quiet --pidfile $SAMBAPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
then
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
fi
log_end_msg 0
;;
restart|force-reload)
if init_is_upstart; then
exit 1
fi
$0 stop
sleep 1
$0 start
;;
status)
status_of_proc -p $SAMBAPID /opt/samba/sbin/samba samba
exit $?
;;
*)
echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0
GNU nano 2.2.6 File: /etc/krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
default_realm = YAMATOMURA.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
YAMATOMURA.LOCAL = {
kdc = raspberry1.yamatomura.local
admin_server = raspberry1.yamatomura.local
}
.yamatomura.local = YAMATOMURA.LOCAL
yamatomura.local = YAMATOMURA.LOCAL
0 コメント:
コメントを投稿