Void Server as Domain Controller

The goal of this tutorial is to bring up a Primary Domain Controller on Void Linux (glibc) by compiling Samba4 from source and configuring internal DNS, Kerberos, AD integration, ACLs, services and the whole stack needed to control the network's clients, with a 2016 forest functional level.


By: Eduardo Charquero on 07/12/2025 | Blog: https://www.instagram.com/educharquero/


Installation/configuration troubleshooting



Now we will validate the key PDC services: DNS, SMB, Winbind and Kerberos:

# ps aux | grep samba

Output received:

root 28030 0.0 0.0 2392 1388 ? Ss 01:14 0:00 runsv samba-ad-dc
root 28031 0.0 0.0 2540 1376 ? S 01:14 0:00 svlogd -tt /var/log/samba-ad-dc
root 28032 0.1 3.3 129656 66884 ? S 01:14 0:04 samba: root process
root 28033 0.0 1.6 129152 33728 ? S 01:14 0:00 samba: tfork waiter process(28034)
root 28034 0.0 3.3 133112 67156 ? Ss 01:14 0:00 /opt/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
root 28038 0.0 1.6 129152 33432 ? S 01:14 0:00 samba: tfork waiter process(28039)
root 28039 0.0 3.1 127588 63240 ? Ss 01:14 0:00 /opt/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root 28180 0.0 0.1 6696 2556 pts/0 S+ 02:10 0:00 grep samba


# samba-tool user show administrator

Output received:

dn: CN=Administrator,CN=Users,DC=educatux,DC=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
instanceType: 4
whenCreated: 20251127040618.0Z
uSNCreated: 3889
name: Administrator
objectGUID: 732e3aed-f232-427d-9377-5bf7bc79cd8e
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
pwdLastSet: 134086899781242602
primaryGroupID: 513
objectSid: S-1-5-21-294413610-3908852046-3961109876-500
adminCount: 1
accountExpires: 9223372036854775807
sAMAccountName: Administrator
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=educatux,DC=edu
isCriticalSystemObject: TRUE
memberOf: CN=Domain Admins,CN=Users,DC=educatux,DC=edu
memberOf: CN=Schema Admins,CN=Users,DC=educatux,DC=edu
memberOf: CN=Enterprise Admins,CN=Users,DC=educatux,DC=edu
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=educatux,DC=edu
memberOf: CN=Administrators,CN=Builtin,DC=educatux,DC=edu
lastLogonTimestamp: 134086916533352620
whenChanged: 20251127043413.0Z
uSNChanged: 4307
lastLogon: 134086917409338150
logonCount: 5
distinguishedName: CN=Administrator,CN=Users,DC=educatux,DC=edu


# wbinfo -u

Output received:

EDUCATUX\administrator
EDUCATUX\guest
EDUCATUX\krbtgt


# wbinfo -g

Output received:

EDUCATUX\cert publishers
EDUCATUX\ras and ias servers
EDUCATUX\allowed rodc password replication group
EDUCATUX\denied rodc password replication group
EDUCATUX\dnsadmins
EDUCATUX\enterprise read-only domain controllers
EDUCATUX\domain admins
EDUCATUX\domain users
EDUCATUX\domain guests
EDUCATUX\domain computers
EDUCATUX\domain controllers
EDUCATUX\schema admins
EDUCATUX\enterprise admins
EDUCATUX\group policy creator owners
EDUCATUX\read-only domain controllers
EDUCATUX\protected users
EDUCATUX\dnsupdateproxy


# getent group "Domain Admins"

Output received:

EDUCATUX\domain admins:x:3000004:

# smbclient -L localhost -U Administrator

Output received:

Password for [EDUCATUX\Administrator]:

Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service (Samba 4.23.3)
SMB1 disabled -- no workgroup available


# samba-tool dns zonelist localhost -U administrator

Output received:

Password for [EDUCATUX\administrator]:
2 zone(s) found

pszZoneName : educatux.edu
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.educatux.edu

pszZoneName : _msdcs.educatux.edu
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.educatux.edu



Disable password complexity for domain users (to make lab testing easier - insecure for production!)

# samba-tool domain passwordsettings set --complexity=off
# samba-tool domain passwordsettings set --history-length=0
# samba-tool domain passwordsettings set --min-pwd-length=0
# samba-tool domain passwordsettings set --min-pwd-age=0
# samba-tool user setexpiry Administrator --noexpiry


Reload the Samba4 configuration:

# smbcontrol all reload-config

Validate Kerberos ticket exchange

# kinit Administrator@EDUCATUX.EDU
# klist


Output received:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@EDUCATUX.EDU

Valid starting Expires Service principal
27/11/2025 02:22:52 27/11/2025 12:22:52 krbtgt/EDUCATUX.EDU@EDUCATUX.EDU
renew until 28/11/2025 02:22:47


# samba-tool dns query voiddc01 educatux.edu @ A -U Administrator

Output received:

Password for [EDUCATUX\Administrator]:

Name=, Records=1, Children=0
A: 192.168.70.250 (flags=600000f0, serial=1, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=voiddc01, Records=1, Children=0
A: 192.168.70.250 (flags=f0, serial=1, ttl=900)


# drill google.com @192.168.70.250

Output obtained:

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 50285
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 172.217.30.142

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 224 msec
;; EDNS: version 0; flags: ; udp: 1232
;; SERVER: 192.168.70.250
;; WHEN: Thu Nov 27 02:30:42 2025
;; MSG SIZE rcvd: 55


# samba_dnsupdate --verbose

IPs: ['192.168.70.250']
Looking for DNS entry A voiddc01.educatux.edu 192.168.70.250 as voiddc01.educatux.edu.
Looking for DNS entry CNAME a9126dd4-c5ad-46b4-b91b-6ae91313e3b8._msdcs.educatux.edu voiddc01.educatux.edu as a9126dd4-c5ad-46b4-b91b-6ae91313e3b8._msdcs.educatux.edu.
Looking for DNS entry NS educatux.edu voiddc01.educatux.edu as educatux.edu.
Looking for DNS entry NS _msdcs.educatux.edu voiddc01.educatux.edu as _msdcs.educatux.edu.
Looking for DNS entry A educatux.edu 192.168.70.250 as educatux.edu.
Looking for DNS entry SRV _ldap._tcp.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.dc._msdcs.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.dc._msdcs.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry SRV _ldap._tcp.f5cccdab-a9d9-4b1f-9344-d2affb3c9855.domains._msdcs.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.f5cccdab-a9d9-4b1f-9344-d2affb3c9855.domains._msdcs.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.f5cccdab-a9d9-4b1f-9344-d2affb3c9855.domains._msdcs.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry SRV _kerberos._tcp.educatux.edu voiddc01.educatux.edu 88 as _kerberos._tcp.educatux.edu.
Checking 0 100 88 voiddc01.educatux.edu. against SRV _kerberos._tcp.educatux.edu voiddc01.educatux.edu 88
Looking for DNS entry SRV _kerberos._udp.educatux.edu voiddc01.educatux.edu 88 as _kerberos._udp.educatux.edu.
Checking 0 100 88 voiddc01.educatux.edu. against SRV _kerberos._udp.educatux.edu voiddc01.educatux.edu 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.educatux.edu voiddc01.educatux.edu 88 as _kerberos._tcp.dc._msdcs.educatux.edu.
Checking 0 100 88 voiddc01.educatux.edu. against SRV _kerberos._tcp.dc._msdcs.educatux.edu voiddc01.educatux.edu 88
Looking for DNS entry SRV _kpasswd._tcp.educatux.edu voiddc01.educatux.edu 464 as _kpasswd._tcp.educatux.edu.
Checking 0 100 464 voiddc01.educatux.edu. against SRV _kpasswd._tcp.educatux.edu voiddc01.educatux.edu 464
Looking for DNS entry SRV _kpasswd._udp.educatux.edu voiddc01.educatux.edu 464 as _kpasswd._udp.educatux.edu.
Checking 0 100 464 voiddc01.educatux.edu. against SRV _kpasswd._udp.educatux.edu voiddc01.educatux.edu 464
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.Default-First-Site-Name._sites.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.Default-First-Site-Name._sites.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.educatux.edu voiddc01.educatux.edu 88 as _kerberos._tcp.Default-First-Site-Name._sites.educatux.edu.
Checking 0 100 88 voiddc01.educatux.edu. against SRV _kerberos._tcp.Default-First-Site-Name._sites.educatux.edu voiddc01.educatux.edu 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.educatux.edu voiddc01.educatux.edu 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.educatux.edu.
Checking 0 100 88 voiddc01.educatux.edu. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.educatux.edu voiddc01.educatux.edu 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.pdc._msdcs.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.pdc._msdcs.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry A gc._msdcs.educatux.edu 192.168.70.250 as gc._msdcs.educatux.edu.
Looking for DNS entry SRV _gc._tcp.educatux.edu voiddc01.educatux.edu 3268 as _gc._tcp.educatux.edu.
Checking 0 100 3268 voiddc01.educatux.edu. against SRV _gc._tcp.educatux.edu voiddc01.educatux.edu 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.educatux.edu voiddc01.educatux.edu 3268 as _ldap._tcp.gc._msdcs.educatux.edu.
Checking 0 100 3268 voiddc01.educatux.edu. against SRV _ldap._tcp.gc._msdcs.educatux.edu voiddc01.educatux.edu 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.educatux.edu voiddc01.educatux.edu 3268 as _gc._tcp.Default-First-Site-Name._sites.educatux.edu.
Checking 0 100 3268 voiddc01.educatux.edu. against SRV _gc._tcp.Default-First-Site-Name._sites.educatux.edu voiddc01.educatux.edu 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.educatux.edu voiddc01.educatux.edu 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.educatux.edu.
Checking 0 100 3268 voiddc01.educatux.edu. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.educatux.edu voiddc01.educatux.edu 3268
Looking for DNS entry A DomainDnsZones.educatux.edu 192.168.70.250 as DomainDnsZones.educatux.edu.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.DomainDnsZones.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.DomainDnsZones.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry A ForestDnsZones.educatux.edu 192.168.70.250 as ForestDnsZones.educatux.edu.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.ForestDnsZones.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.ForestDnsZones.educatux.edu voiddc01.educatux.edu 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.educatux.edu voiddc01.educatux.edu 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.educatux.edu.
Checking 0 100 389 voiddc01.educatux.edu. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.educatux.edu voiddc01.educatux.edu 389
No DNS updates needed
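
A post-provisioning health check that wraps the validation commands above, as an added example that is not part of the original article. Each check reads the command output on stdin so it can be exercised against captured output; the "Password complexity:" label of `samba-tool domain passwordsettings show` is assumed, and `--live` runs the real commands on the DC.

```shell
#!/bin/sh
# Added example, not from the article: health check for a freshly provisioned Samba AD DC.
# Each check_* reads command output on stdin, so it works on captured and on live output.
# ps listing must show the samba parent plus the smbd and winbindd children.
check_processes() {
    out=$(cat)
    for p in 'samba: root process' 'sbin/smbd' 'sbin/winbindd'; do
        case "$out" in *"$p"*) ;; *) echo "missing process: $p" >&2; return 1 ;; esac
    done
    return 0
}

# winbind must map domain groups into NSS: getent group "Domain Admins" -> DOMAIN\domain admins:x:GID:
check_group_mapping() {
    grep -Eq '^[A-Z0-9_-]+\\domain admins:x:[0-9]+:'
}

# Every AD-integrated zone from samba-tool dns zonelist must allow secure updates only.
check_zones_secure() {
    out=$(cat)
    total=$(printf '%s\n' "$out" | grep -c '^pszZoneName' || true)
    secure=$(printf '%s\n' "$out" | grep -c 'DNS_RPC_ZONE_UPDATE_SECURE' || true)
    [ "$total" -gt 0 ] && [ "$total" -eq "$secure" ]
}

# klist output must hold a TGT (krbtgt/REALM@REALM) for the domain realm given as $1.
check_tgt() {
    grep -q "krbtgt/$1@$1"
}
# samba_dnsupdate --verbose ends with this line once every DC record exists.
check_dns_records() {
    grep -q '^No DNS updates needed'
}

# The article turns complexity off for the lab; flag it so it never reaches production.
# The "Password complexity:" label of samba-tool domain passwordsettings show is assumed.
check_password_policy() {
    if grep -iq 'Password complexity: *off'; then
        echo "WARNING: password complexity is off" >&2; return 1
    fi
}
# Live mode runs the article's own commands on the DC (realm name from the article).
if [ "${1:-}" = "--live" ]; then
    ps aux | check_processes
    getent group "Domain Admins" | check_group_mapping
    samba-tool dns zonelist localhost -U administrator | check_zones_secure
    klist | check_tgt EDUCATUX.EDU
    samba_dnsupdate --verbose 2>&1 | check_dns_records
    samba-tool domain passwordsettings show | check_password_policy
fi
```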

Article pages
   1. Network layout and package installation
   2. Obtaining the source code and installing SAMBA4
   3. Provisioning the domain
   4. Creating the samba-ad-dc services in runit
   5. NTP / Chrony Server
   6. DNS, Winbind and Kerberos adjustments after provisioning
   7. The smb.conf file
   8. Installation/configuration troubleshooting
   9. Summary