Catatanw

April 4, 2013

Installing Samba4 as a Domain Controller on Red Hat Enterprise Server 6.1, Part 2

Filed under: Activities, Linux, Tinkering — catatanpinguin @ 13:06

This post continues the previous one; click here to read it.

DNS Configuration

1. Make sure the bind package is installed on your server; if it is not, install it with the following command:

#yum install bind

2. Then edit /etc/named.conf so that it looks like this:

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { 192.168.100.189; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // "any" combined with "recursion yes" makes this an open recursive
        // resolver for every host that can reach port 53; on a server that is
        // reachable beyond the LAN, restrict recursion with allow-recursion.
        allow-query     { localhost; any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// Load the zone configuration generated by the Samba provision (edited in
// step 3). "#" starts a comment in named.conf, so this line must not be
// prefixed with it or the Samba zone is never loaded.
include "/usr/local/samba/private/named.conf";

3. Next, edit /usr/local/samba/private/named.conf; make a backup of the file before editing it.

zone "ker.en." IN {
        type master;
        file "/usr/local/samba/private/ker.en.zone";
        // Dynamic-update policy from the Samba provision: each machine may
        // update its own A/AAAA records with its Kerberos identity (ms-self);
        // Administrator and the DC's machine account may update any name.
        update-policy {
                grant KER.EN ms-self * A AAAA;
                grant Administrator@KER.EN wildcard * A AAAA SRV CNAME;
                grant SMB4$@ker.en wildcard * A AAAA SRV CNAME;
        };
};

4. Create the DNS zone file, named ker.en.zone, in the same directory, /usr/local/samba/private/:

; -*- zone -*-
; generated by provision.pl
$ORIGIN ker.en.
$TTL 1W
@               IN SOA  @   smb4 (
                                2012052216   ; serial
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum
                        IN NS   smb4
                        IN A    192.168.100.189
;

smb4        IN A    192.168.100.189
gc._msdcs               IN CNAME        smb4
8de12608-9880-4c52-ad21-8a1bf5ef7e41._msdcs     IN CNAME        smb4
;
; global catalog servers
_gc._tcp                IN SRV 0 100 3268       smb4
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268       smb4
_ldap._tcp.gc._msdcs    IN SRV 0 100 389        smb4
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs     IN SRV 0 100 389 smb4
;
; ldap servers
_ldap._tcp              IN SRV 0 100 389        smb4
_ldap._tcp.dc._msdcs    IN SRV 0 100 389        smb4
_ldap._tcp.pdc._msdcs   IN SRV 0 100 389        smb4
_ldap._tcp.d709eaf9-d010-4f94-916c-ca3e8e179e24 IN SRV 0 100 389        smb4
_ldap._tcp.d709eaf9-d010-4f94-916c-ca3e8e179e24.domains._msdcs          IN SRV 0 100 389 smb4
_ldap._tcp.Default-First-Site-Name._sites               IN SRV 0 100 389 smb4
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs     IN SRV 0 100 389 smb4
;
; krb5 servers
_kerberos._tcp          IN SRV 0 100 88         smb4
_kerberos._tcp.dc._msdcs        IN SRV 0 100 88 smb4
_kerberos._tcp.Default-First-Site-Name._sites   IN SRV 0 100 88 smb4
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 smb4
_kerberos._udp          IN SRV 0 100 88         smb4
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp           IN SRV 0 100 88         smb4
_kerberos-master._udp           IN SRV 0 100 88         smb4

;
; kpasswd
_kpasswd._tcp           IN SRV 0 100 464        smb4
_kpasswd._udp           IN SRV 0 100 464        smb4
;
; heimdal 'find realm for host' hack
_kerberos               IN TXT  KER.EN

samba                  IN A    192.168.100.189

5. Point the system at your DNS server in resolv.conf:

#vim /etc/resolv.conf

domain ker.en
nameserver 192.168.100.189

6. Start the named service:

#service named start

7. Test the DNS server by querying the SRV records defined in the zone file above; the answers must name the DC, smb4.ker.en:

#host -t SRV _ldap._tcp.ker.en.

_ldap._tcp.ker.en has SRV record 0 100 389 smb4.ker.en.

#host -t SRV _kerberos._udp.ker.en.

_kerberos._udp.ker.en has SRV record 0 100 88 smb4.ker.en.
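As an added check for the zone built in steps 4 to 7 (example code written for this page, not code from the original post or from Samba), the parser below reads a zone file in the format shown above and reports the records a Windows domain join or kinit would fail without. The ZONE string is a constructed, abridged copy of ker.en.zone so the script runs offline; the set of required SRV records and the realm TXT check are assumptions drawn from the records the zone file itself defines.

```python
# Zone text constructed for this example from the ker.en.zone above (abridged).
ZONE = """\
$ORIGIN ker.en.
$TTL 1W
@               IN SOA  @   smb4 (
                2012052216   ; serial
                2D  4H  6W  1W )  ; refresh retry expiry minimum
smb4            IN A    192.168.100.189
_ldap._tcp      IN SRV 0 100 389   smb4
_kerberos._tcp  IN SRV 0 100 88    smb4
_kpasswd._tcp   IN SRV 0 100 464   smb4
_kerberos       IN TXT  KER.EN
"""
# SRV records a Windows client or kinit needs to locate the DC (assumed set): (owner, port)
REQUIRED = [("_ldap._tcp", 389), ("_kerberos._tcp", 88), ("_kpasswd._tcp", 464)]
def parse_zone(text):
    """Return (origin, [(fqdn, rtype, rdata)]); handles $ORIGIN, ';' comments, blank owners, ( ) rdata."""
    origin, owner, records, buf = ".", None, [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip(): continue
        buf = buf + " " + line.strip() if buf else line
        if buf.count("(") > buf.count(")"):
            continue                                  # still inside a multi-line record
        line, buf = buf, ""
        toks = line.replace("(", " ").replace(")", " ").split()
        if toks[0].startswith("$"):                   # $ORIGIN sets the origin; $TTL is ignored
            origin = toks[1] if toks[0] == "$ORIGIN" else origin; continue
        if line[0] not in " \t":                      # explicit owner; "@" means the origin
            owner, toks = toks[0], toks[1:]
            owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        toks = toks[1:] if toks[0] == "IN" else toks
        records.append((owner.lower(), toks[0], toks[1:]))
    return origin, records
def missing_dc_records(text):
    """List what a join or kinit trips over: missing REQUIRED SRV, SRV target with no A, wrong realm TXT."""
    origin, records = parse_zone(text)
    a_names = {o for o, t, _ in records if t == "A"}
    srv = {(o, int(r[2])): r[3] for o, t, r in records if t == "SRV"}
    problems = []
    for name, port in REQUIRED:
        target = srv.get((f"{name}.{origin}", port))
        if target is None:
            problems.append(f"missing SRV {name}.{origin} port {port}")
        elif (target if target.endswith(".") else f"{target}.{origin}").lower() not in a_names:
            problems.append(f"{name}.{origin} target {target} has no A record")
    txt = [r[0] for o, t, r in records if t == "TXT" and o == f"_kerberos.{origin}"]
    if txt != [origin.rstrip(".").upper()]:
        problems.append(f"_kerberos TXT must be {origin.rstrip('.').upper()}")
    return problems
```

Run it against the real file with `missing_dc_records(open("/usr/local/samba/private/ker.en.zone").read())`; an empty list means every required record resolves to a host that has an A record.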

Installing and Configuring Kerberos

1. Install Kerberos

#yum install krb5-workstation

2. Configure Kerberos

#mv /etc/krb5.conf /etc/krb5.conf.orig

#vim /etc/krb5.conf

[libdefaults]
    default_realm = KER.EN
    # The KDC is named explicitly in [realms] below, so DNS SRV lookups are off
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = yes

[realms]
    KER.EN = {
        kdc = smb4.ker.en:88
        admin_server = smb4.ker.en:749
        default_domain = ker.en
    }

[domain_realm]
    .ker.en = KER.EN
    ker.en = KER.EN

3. Test Kerberos by obtaining a ticket for the domain administrator:

#kinit Administrator@KER.EN

4. Join a Windows client to the domain. To manage the Active Directory Domain Controller, install the Windows Remote Administration Tools on a Windows system that has already joined the domain.
