사. 도메인 서비스

intsrv

apt update && apt install -y bind9 samba winbind

systemctl stop smbd.service nmbd.service winbind.service
systemctl disable smbd.service nmbd.service winbind.service

mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

samba-tool domain provision --server-role=dc --dns-backend=BIND9_DLZ --realm=SKILL39.LOCAL --domain=SKILL39 --adminpass=Skill39**

vi /etc/bind/named.conf

### vi ###
include "/var/lib/samba/bind-dns/named.conf";
### vi ###

vi /etc/bind/named.conf.options

### vi ###
dnssec-validation no;
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
### vi ###

systemctl restart bind9

cp /ca/certs/intsrv* /var/lib/samba/private/tls/
cp /etc/ssl/root-ca.crt /var/lib/samba/private/tls/

vi /etc/samba/smb.conf

### vi ###
[global]
tls enabled = yes
tls keyfile = tls/intsrv.key
tls certfile = tls/intsrv.crt
tls cafile = tls/root-ca.crt
### vi ###

systemctl unmask samba-ad-dc.service
systemctl enable samba-ad-dc.service
systemctl restart samba-ad-dc.service

samba-tool ou create ou=site1,dc=skill39,dc=local
samba-tool ou create ou=site2,dc=skill39,dc=local

samba-tool group add site1users --gid-number=10000 --nis-domain=SKILL39 --groupou ou=site1
samba-tool group add site2users --gid-number=20000 --nis-domain=SKILL39 --groupou ou=site2

vi /root/useradd.sh

### vi ###
#!/bin/bash
for i in `seq -w 1 10`
do
samba-tool user create site1user$i Skill39** --userou ou=site1 --unix-home=/home/site1user$i --uid-number=100$i --login-shell=/bin/bash --gid-number=10000 --uid site1user$i
samba-tool user create site2user$i Skill39** --userou ou=site2 --unix-home=/home/site2user$i --uid-number=200$i --login-shell=/bin/bash --gid-number=20000 --uid site2user$i
done
### vi ###

chmod 777 /root/useradd.sh; /root/useradd.sh

systemctl stop slapd
systemctl disable slapd
systemctl restart samba-ad-dc

samba-tool dns add localhost SKILL39.LOCAL WWW A 10.0.0.1 -Uadministrator -P
samba-tool dns add localhost SKILL39.LOCAL LDAP A 10.0.1.1 -Uadministrator -P
samba-tool dns add localhost SKILL39.LOCAL RADIUS A 10.0.1.1 -Uadministrator -P
samba-tool dns add localhost SKILL39.LOCAL SITE1 A 192.168.0.1 -Uadministrator -P
samba-tool dns add localhost SKILL39.LOCAL SITE2 A 172.16.0.1 -Uadministrator -P