Ovviamente dovranno essere modificati alcuni parametri in base alle proprie necessità:
Server primario
# Create the top-level directory for the shares defined in the smb.conf below.
# The share paths themselves (/data/samba/netlogon, /data/samba/profiles,
# /data/documents) sit underneath it and must exist as well.
mkdir /data
# Open the Samba configuration for editing; its content is the listing that follows.
vim /etc/samba/smb.conf
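#
# Primary Domain Controller smb.conf
#
# Read by smbd/nmbd. Comments must sit on their own line: text after a value
# is taken as part of the value.

# Global parameters
[global]
unix charset = LOCALE
workgroup = DDESIGN
netbios name = node1

# Account database: LDAP on this node first, then the replica on node2.
# NOTE(review): these are plain ldap:// URIs. Unless TLS is enabled for the
# LDAP connection (see the "ldap ssl" parameter, e.g. "start tls"), the bind
# as "ldap admin dn" and the password hashes read from the directory cross
# the network unencrypted -- confirm the effective setting for your version.
# Alternatives kept from the original for single-host or IP-based setups:
#passdb backend = ldapsam:ldap://127.0.0.1
#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"
passdb backend = ldapsam:"ldap://node1.differentialdesign.org ldap://node2.differentialdesign.org"
username map = /etc/samba/smbusers

log level = 1
syslog = 0
# One log file per client machine name (%m).
log file = /var/log/samba/%m
# Size cap in KiB. The original value 0 means "no limit", which lets the
# per-client logs grow until the disk is full.
max log size = 50

name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS

# Account management hooks (smbldap-tools). %u / %g are substituted with
# names supplied at run time; keep the single quotes around them.
add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'
delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'
delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c

# Domain logon settings.
logon script = %u.bat
#logon path = \\192.168.0.4\profiles\%u
logon path = \\nodes.differentialdesign.org\profiles\%u
logon drive = H:
domain logons = Yes
domain master = Yes
wins support = Yes

# performance optimization: all users are stored in LDAP
ldapsam:trusted = yes
ldap suffix = dc=differentialdesign,dc=org
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# The password for this DN is not kept in this file; it is stored separately
# with "smbpasswd -w".
ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000

printer admin = root
printing = cups

#========================Share Definitions=========================

[homes]
comment = Home Directories
# %S is the share name, i.e. only the owner may connect to a home share.
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700

[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
browseable = yes
# Logon scripts from this share run on every client at login, so the share
# is read-only for ordinary users (the original made it writable by anyone
# who could connect). Adjust "write list" to your administrator account or
# group.
read only = yes
write list = root

[profiles]
path = /data/samba/profiles
browseable = no
read only = no
# Roaming profiles are private to their owner. The original 0777 modes made
# every profile file readable and writable by all other accounts.
create mask = 0600
directory mask = 0700

[Documents]
comment = share to test samba
path = /data/documents
browseable = yes
read only = no
# Group name contains a space, hence the quotes.
valid users = "@Domain Users"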
Server secondario (Backup Domain Controller)
# Create the top-level directory for the shares defined in the smb.conf below.
# The share paths themselves (/data/samba/netlogon, /data/samba/profiles,
# /data/documents) sit underneath it and must exist as well.
mkdir /data
# Open the Samba configuration for editing; its content is the listing that follows.
vim /etc/samba/smb.conf
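#
# Backup Domain Controller
#
# Read by smbd/nmbd. Comments must sit on their own line: text after a value
# is taken as part of the value.

# Global parameters
[global]
unix charset = LOCALE
workgroup = DDESIGN
netbios name = node2

# Account database: LDAP on this node first, then the directory on node1.
# NOTE(review): these are plain ldap:// URIs. Unless TLS is enabled for the
# LDAP connection (see the "ldap ssl" parameter, e.g. "start tls"), the bind
# as "ldap admin dn" and the password hashes read from the directory cross
# the network unencrypted -- confirm the effective setting for your version.
# Alternatives kept from the original for single-host or IP-based setups:
#passdb backend = ldapsam:ldap://127.0.0.1
#passdb backend = ldapsam:"ldap://192.168.0.2 ldap://192.168.0.3"
passdb backend = ldapsam:"ldap://node2.differentialdesign.org ldap://node1.differentialdesign.org"
username map = /etc/samba/smbusers

log level = 1
syslog = 0
# One log file per client machine name (%m), capped at 50 KiB each.
log file = /var/log/samba/%m
max log size = 50

name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No

# Domain logon settings. This node serves logons but is not the domain
# master; WINS is provided by node1.
logon script = %u.bat
#logon path = \\192.168.0.4\profiles\%u
logon path = \\nodes.differentialdesign.org\profiles\%u
logon drive = H:
domain logons = Yes
os level = 63
domain master = No
wins server = node1.differentialdesign.org

ldap suffix = dc=differentialdesign,dc=org
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# The password for this DN is not kept in this file; it is stored separately
# with "smbpasswd -w".
ldap admin dn = cn=sambaadmin,dc=differentialdesign,dc=org
utmp = Yes
idmap backend = ldap://node1.differentialdesign.org
idmap uid = 10000-20000
idmap gid = 10000-20000

printing = cups

#========================Share Definitions=========================

[homes]
comment = Home Directories
# %S is the share name, i.e. only the owner may connect to a home share.
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700

[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
browseable = yes
# Logon scripts from this share run on every client at login, so the share
# is read-only for ordinary users (the original made it writable by anyone
# who could connect). Adjust "write list" to your administrator account or
# group.
read only = yes
write list = root

[profiles]
path = /data/samba/profiles
browseable = no
read only = no
# Roaming profiles are private to their owner. The original 0777 modes made
# every profile file readable and writable by all other accounts.
create mask = 0600
directory mask = 0700

[Documents]
comment = share to test samba
path = /data/documents
browseable = yes
read only = no
# Group name contains a space, hence the quotes.
valid users = "@Domain Users"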
HOST su NODE1
È importante modificare il file hosts sia sul nodo1 sia sul nodo2, come riportato di seguito:
[root@node1 ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
# NOTE(review): this line also maps the short name "node1" to the loopback
# address, so a local lookup of "node1" returns 127.0.0.1 rather than
# 192.168.0.2 -- confirm this is intended on a host that registers its own
# name as WINS server / domain master.
127.0.0.1 node1 localhost.localdomain localhost
# LAN addresses of the two domain controllers, as used in "passdb backend".
192.168.0.2 node1.differentialdesign.org
192.168.0.3 node2.differentialdesign.org
# Name referenced by "logon path" in smb.conf for the profiles share;
# presumably a shared service address -- confirm which host answers on it.
192.168.0.4 nodes.differentialdesign.org
HOST su NODE2
[root@node2 ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
# NOTE(review): this line also maps the short name "node2" to the loopback
# address, so a local lookup of "node2" returns 127.0.0.1 rather than
# 192.168.0.3 -- confirm this is intended.
127.0.0.1 node2 localhost.localdomain localhost
# LAN addresses of the two domain controllers, as used in "passdb backend".
192.168.0.2 node1.differentialdesign.org
192.168.0.3 node2.differentialdesign.org
# Name referenced by "logon path" in smb.conf for the profiles share;
# presumably a shared service address -- confirm which host answers on it.
192.168.0.4 nodes.differentialdesign.org
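Per quanto riguarda la sicurezza di Samba, prestare attenzione al parametro hosts allow, che limita gli indirizzi dai quali è consentito connettersi (è un filtro di rete che si aggiunge all'autenticazione degli utenti, non la sostituisce):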
# /etc/samba/smb.conf -- excerpt of the [global] section
[global]
# User-level security: every client must log in with its own account.
security = user
workgroup = DDESIGN
# Accept connections only from the 192.168.0.0/24 network. Set here in
# [global], the restriction applies to every share, regardless of any
# per-share "hosts allow".
hosts allow = 192.168.0.0/24
ed inoltre:
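## ==== Share Definitions =====
[Documents]
# The original excerpt had the line break in the wrong place
# ("comment = share to test" / "sambapath = ..."); "sambapath" is not a
# Samba parameter, so the share would have had no "path" set.
comment = share to test samba
path = /data/documents
browseable = yes
read only = no
# Group name contains a space, hence the quotes.
valid users = "@Domain Users"
# NOTE(review): with a /24 mask this most likely matches the whole
# 192.168.0.0/24 network, not just host 192.168.0.100; write the bare
# address if a single host is intended. Also, when "hosts allow" is set in
# [global] it applies to all shares regardless of this per-share value.
hosts allow = 192.168.0.100/24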