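In this tutorial, I will show you how to configure an additional domain controller, which is one of the key features of Samba 4. I will use the existing Samba 4 server from my previous tutorial as the primary domain controller. This setup provides a degree of load balancing and failover for the AD services (LDAP schema and DNS) and is very easy to configure. We can also use this feature to scale the environment.
I will use the existing Samba4 AD server and one new additional server.
Note: in my previous article I used 192.168.1.190 as the primary domain controller. Because of an IP address conflict in my lab environment, I have changed it to 192.168.1.180.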
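Servers
- 192.168.1.180, samba4.sunil.cc - primary domain controller, CentOS 7 (AD1)
- 192.168.1.170, dc.sunil.cc - secondary or additional domain controller, CentOS 7 (AD2)
Throughout this tutorial, AD1 refers to the primary AD server and AD2 refers to the secondary server.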
Configuring the primary domain controller
Please refer to this tutorial:
Samba 4 with Active Directory on CentOS 7 rpm based installation with share support
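Configuring the secondary domain controller
AD2
On the server 192.168.1.170, dc.sunil.cc (the secondary or additional domain controller), do the following:
We will use CentOS 7 as the base, with SELinux enabled.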
[root@dc ~]# yum -y update
SELinux is enabled.
[root@dc ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[root@dc ~]#
Add entries to the hosts file:
Make sure that both the primary AD and the secondary AD are listed in /etc/hosts.
AD1
[root@samba4 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[root@samba4 ~]#
AD2
[root@dc ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[root@dc ~]#
Enable the EPEL repo.
[root@dc ~]# yum install epel-release -y
Install the basic packages.
[root@dc ~]# yum install vim wget authconfig krb5-workstation -y
Install the Wing repo, which provides the Samba 4 RPMs.
[root@dc ~]# cd /etc/yum.repos.d/
[root@dc yum.repos.d]# wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
[root@dc yum.repos.d]# sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/EL7.wing.repo
[root@dc yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates wing wing-source
Cleaning up everything
Cleaning up list of fastest mirrors
[root@dc yum.repos.d]#
Now install the Samba 4 packages.
[root@dc yum.repos.d]# yum install -y samba45 samba45-winbind-clients samba45-winbind samba45-client \
    samba45-dc samba45-pidl samba45-python samba45-winbind-krb5-locator perl-Parse-Yapp \
    perl-Test-Base python2-crypto samba45-common-tools
Modify resolv.conf and make sure the nameserver points to the primary domain controller; here we use 192.168.1.180.
[root@dc ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[root@dc ~]#
Now we remove these files, since we will create them again later.
[root@dc ~]# rm -rf /etc/krb5.conf
[root@dc ~]# rm -rf /etc/samba/smb.conf
Now add the following content to krb5.conf. Here our domain name is sunil.cc and the realm name is SUNIL.CC.
[root@dc ~]# cat /etc/krb5.conf
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = SUNIL.CC
[root@dc ~]#
Check whether we can obtain a Kerberos ticket from the samba4 server.
[root@dc ~]# kinit administrator@SUNIL.CC
Password for administrator@SUNIL.CC:
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[root@dc ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SUNIL.CC

Valid starting       Expires              Service principal
06/03/2017 20:33:08  06/04/2017 06:33:08  krbtgt/SUNIL.CC@SUNIL.CC
        renew until 06/04/2017 20:33:04
[root@dc ~]#
If you do not get a ticket, make sure the time is synchronized and check resolv.conf.
Now join the server to the existing domain.
[root@dc yum.repos.d]# samba-tool domain join sunil.cc DC -U"SUNIL\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'sunil.cc'
Found DC samba4.sunil.cc
Password for [SUNIL\administrator]:
workgroup is SUNIL
realm is sunil.cc
Adding CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Adding CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding SPNs to CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Setting account password for DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=sunil,DC=cc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=sunil,DC=cc] objects[402/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[804/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1206/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1608/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1614/1614] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=sunil,DC=cc] objects[97/97] linked_values[23/0]
Partition[DC=sunil,DC=cc] objects[360/263] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=sunil,DC=cc
Partition[DC=DomainDnsZones,DC=sunil,DC=cc] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=sunil,DC=cc
Partition[DC=ForestDnsZones,DC=sunil,DC=cc] objects[18/18] linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SUNIL (SID S-1-5-21-2550466525-3862778800-1252273829) as a DC
[root@dc yum.repos.d]#
Add the firewall rules.
[root@dc ~]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
[root@dc ~]# firewall-cmd --reload
Now add a startup script, since the Samba 4 RPM from Wing does not ship one.
[root@dc ~]# cat /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target

[Service]
Type=forking
PIDFile=/var/run/samba.pid
ExecStart=/usr/sbin/samba

[Install]
WantedBy=multi-user.target
[root@dc ~]#
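Samba 4 currently does not support sysvol replication, which is required for group GID mapping. The workaround is as follows:
We need to take a backup of idmap.ldb and restore it.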
DC1
Install the package.
[root@samba4 ~]# yum install tdb-tools
Take a hot backup.
[root@samba4 ~]# tdbbackup -s .bak /var/lib/samba/private/idmap.ldb
Copy the backup file to DC2.
[root@samba4 ~]# ls -l /var/lib/samba/private/idmap.ldb.bak
-rw-------. 1 root root 61440 Jun 3 09:52 /var/lib/samba/private/idmap.ldb.bak
[root@samba4 ~]# scp -r /var/lib/samba/private/idmap.ldb.bak root@dc.sunil.cc:/var/lib/samba/private/idmap.ldb
DC2
Now start the Samba service.
[root@dc ~]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[root@dc ~]# systemctl start samba
DC1
Change the resolv.conf file to point to 192.168.1.180.
[root@samba4 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[root@samba4 ~]#
Create the link.
[root@samba4 ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
[root@samba4 ~]# cat /etc/krb5.conf
[libdefaults]
    default_realm = SUNIL.CC
    dns_lookup_realm = false
    dns_lookup_kdc = true
[root@samba4 ~]#
Now check the Kerberos ticket.
[root@samba4 ~]# kinit administrator@SUNIL.CC
Password for administrator@SUNIL.CC:
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[root@samba4 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SUNIL.CC

Valid starting       Expires              Service principal
06/03/2017 22:03:07  06/04/2017 08:03:07  krbtgt/SUNIL.CC@SUNIL.CC
        renew until 06/04/2017 22:03:03
[root@samba4 ~]#
Now that our additional domain controller is ready, let us check replication.
DC2
[root@dc ~]# samba-tool drs showrepl
Default-First-Site-Name\DC
DSA Options: 0x00000001
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
DSA invocationId: e3f76609-f5f0-421d-99ad-38e1fba10b08

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST

DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST

DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST

DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST

CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: 9a2b9a9c-064d-4de1-8c38-20072735de1c
    Enabled : TRUE
    Server DNS name : samba4.sunil.cc
    Server DN name : CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!
[root@dc ~]#
DC1
Run the same command.
[root@samba4 private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:48 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)

DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
        3 consecutive failure(s).
        Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
        3 consecutive failure(s).
        Last success @ NTTIME(0)

DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
        3 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
        2 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
        2 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
    Enabled : TRUE
    Server DNS name : dc.sunil.cc
    Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!
[root@samba4 private]#
If you see this error, there is a problem with replication and we need to re-initiate it.
[root@samba4 private]# samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
Replicate from dc.sunil.cc to samba4.sunil.cc was successful.
[root@samba4 private]#
Replication should now work properly.
[root@samba4 private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST

DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST

DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST

CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST

CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
    Enabled : TRUE
    Server DNS name : dc.sunil.cc
    Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!
[root@samba4 private]#
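The replication check above can be scripted so that a failing neighbour is caught without reading the whole report. The following shell functions are an added example, not part of the original tutorial or of Samba: they parse `samba-tool drs showrepl` output and report every neighbour whose consecutive-failure counter is non-zero. The function names and the embedded sample (constructed, modelled on the failing DC1 output) are assumptions made for illustration.

```bash
# Reads showrepl text on stdin and prints DIRECTION|NC|PARTNER|FAILURES|ERROR
# for every neighbour whose consecutive-failure counter is non-zero.
showrepl_failures() {
  awk '
    /^==== .* ====$/ { section = $0; next }        # section banner
    { sub(/^[ \t]+/, "") }                         # real output is tab-indented
    section !~ /NEIGHBORS/ { next }                # skip header and KCC sections
    /^(DC|CN)=/ { nc = $0; next }                  # naming context
    / via RPC$/ { partner = $1; err = ""; next }   # replication partner
    /^Last attempt @ .* failed, result / {         # keep e.g. "2 (WERR_BADFILE)"
      err = $0; sub(/^.*failed, result /, "", err); next
    }
    /^[0-9]+ consecutive failure/ && $1 + 0 > 0 {
      dir = (section ~ /INBOUND/) ? "INBOUND" : "OUTBOUND"
      printf "%s|%s|%s|%d|%s\n", dir, nc, partner, $1, err
    }
  '
}

# Exit status 0 when every neighbour is healthy, 1 otherwise (for cron/monitoring).
check_showrepl() {
  failures=$(showrepl_failures)
  [ -z "$failures" ] && return 0
  printf '%s\n' "$failures" >&2
  return 1
}

# Constructed sample modelled on the failing DC1 output (GUID lines omitted).
SAMPLE_SHOWREPL=$(cat <<'EOF'
Default-First-Site-Name\SAMBA4
==== INBOUND NEIGHBORS ====
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST
==== OUTBOUND NEIGHBORS ====
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
    Server DNS name : dc.sunil.cc
EOF
)
# On a DC: samba-tool drs showrepl | check_showrepl
printf '%s\n' "$SAMPLE_SHOWREPL" | showrepl_failures
```

Outbound entries that show `Last attempt @ NTTIME(0)` with 0 failures, as in the healthy output above, are not reported because only the failure counter is tested.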
Now test whether objects are replicated between DC1 and DC2.
We will first create a test user on DC2 and see whether the user shows up on DC1.
DC2
[root@dc ~]# samba-tool user create youcl
New Password:
Retype Password:
User 'youcl' created successfully
[root@dc ~]# samba-tool user list
Administrator
youcl
test_user1
test_user
krbtgt
Guest
[root@dc ~]#
Now check the same from DC1.
DC1
[root@samba4 ~]# samba-tool user list
Administrator
youcl
test_user1
test_user
krbtgt
Guest
[root@samba4 ~]#
Now let us look at DNS replication.
I will use the Windows 10 client that I used earlier in the tutorial on installing a Samba4 domain controller from source.
192.168.1.191 - Windows 10 remote management client.
Add the AD2 server as the secondary DNS.
Test DNS replication.
Check name resolution.
[root@samba4 ~]# nslookup test.sunil.cc 192.168.1.170
Server:         192.168.1.170
Address:        192.168.1.170#53

Name:   test.sunil.cc
Address: 192.168.1.200

[root@samba4 ~]# nslookup test.sunil.cc 192.168.1.180
Server:         192.168.1.180
Address:        192.168.1.180#53

Name:   test.sunil.cc
Address: 192.168.1.200

[root@samba4 ~]#
This is how DNS and replication work in Samba 4.