Samba 4用于CentOS 7上的故障切换复制的其他域控制器

2017-06-28 分类:系统运维 阅读() 评论()

在本教程中,我将向您展示如何配置一个额外的域控制器,这是SAMBA 4的主要功能之一。我将使用我以前的教程中的现有Samba 4服务器作为主域控制器。 此设置为AD服务(Ldap架构和dns)提供了一定程度的负载平衡和故障切换,并且配置非常简单。 我们也可以使用此功能来扩展环境。

我将使用现有的Samba4 AD服务器和一个新的附加服务器。

注意:在我以前的文章中,我使用192.168.1.190作为主域控制器,由于 我的实验室环境 中的 ipaddress 冲突, 我将其更改为192.168.1.180。

服务器

  • 192.168.1.180,samba4.sunil.cc - 主域控制器Centos7 AD1
  • 192.168.1.170,dc.sunil.cc - 辅助域控制器或其他域控制器Centos7 AD2

在本教程中,每当我指出AD1指的是主AD服务器AD2是指二级服务器 ,那么请参考这个链接。

配置主域控制器

请参考这个链接

Samba 4与Active Directory在CentOS 7 rpm的基础上安装共享支持

配置辅助域控制器

AD2

在服务器192.168.1.170,dc.sunil.cc - (辅助域控制器或其他域控制器)做:

我们将以Centos 7为基础,启用SELinux。 

[root@dc ~]# yum -y update

Selinux已启用。 

[root@dc ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[root@dc ~]#

在主机文件中输入条目:

请确保在/ etc / hosts中添加主AD和辅助AD

AD1 

[root@samba4 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180   samba4.sunil.cc         samba4
192.168.1.170   dc.sunil.cc     dc
[root@samba4 ~]#

AD2 

[root@dc ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180   samba4.sunil.cc         samba4
192.168.1.170   dc.sunil.cc     dc
[root@dc ~]#

启用epel repo。 

[root@dc ~]# yum install epel-release -y

安装基本软件包 

 [root@dc ~]# yum install vim wget authconfig krb5-workstation -y

安装samba4 rpms的机翼repo。 

 [root@dc ~]# cd /etc/yum.repos.d/
[root@dc yum.repos.d]# wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
[root@dc yum.repos.d]# sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/EL7.wing.repo
[root@dc yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates wing wing-source
Cleaning up everything
Cleaning up list of fastest mirrors
[root@dc yum.repos.d]#

现在安装samba4包。 

[root@dc yum.repos.d]# yum install -y samba45 samba45-winbind-clients samba45-winbind samba45-client\
samba45-dc samba45-pidl samba45-python samba45-winbind-krb5-locator perl-Parse-Yapp\
perl-Test-Base python2-crypto samba45-common-tools

修改resolv.conf ,确保Nameservers指向主域控制器,这里我们使用192.168.1.180。 

[root@dc ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[root@dc ~]#

现在我们删除这些文件,因为我们将在以后创建它们。 

[root@dc ~]# rm -rf /etc/krb5.conf
[root@dc ~]# rm -rf /etc/samba/smb.conf

现在在krb5.conf中添加以下内容,这里我们的域名是sunil.cc,域名是SUNIL.CC。 

[root@dc ~]# cat /etc/krb5.conf
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = SUNIL.CC
[root@dc ~]#

检查是否可以从samba4服务器获取kerberos密钥。 

[root@dc ~]# kinit administrator@SUNIL.CC
Password for administrator@SUNIL.CC:
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[root@dc ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SUNIL.CC

Valid starting       Expires              Service principal
06/03/2017 20:33:08  06/04/2017 06:33:08  krbtgt/SUNIL.CC@SUNIL.CC
        renew until 06/04/2017 20:33:04
[root@dc ~]#

如果您没有获得密钥,请确保时间同步,并检查resolv.conf。

现在将服务器添加到现有域。 

[root@dc yum.repos.d]# samba-tool domain join sunil.cc  DC -U"SUNIL\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'sunil.cc'
Found DC samba4.sunil.cc
Password for [SUNIL\administrator]:
workgroup is SUNIL
realm is sunil.cc
Adding CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Adding CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding SPNs to CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Setting account password for DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=sunil,DC=cc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=sunil,DC=cc] objects[402/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[804/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1206/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1608/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1614/1614] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=sunil,DC=cc] objects[97/97] linked_values[23/0]
Partition[DC=sunil,DC=cc] objects[360/263] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=sunil,DC=cc
Partition[DC=DomainDnsZones,DC=sunil,DC=cc] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=sunil,DC=cc
Partition[DC=ForestDnsZones,DC=sunil,DC=cc] objects[18/18] linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SUNIL (SID S-1-5-21-2550466525-3862778800-1252273829) as a DC
[root@dc yum.repos.d]#

添加防火墙规则。 

[root@dc ~]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
[root@dc ~]# firewall-cmd --reload

现在添加启动脚本,因为来自wing的samba4 rpm没有。 

[root@dc ~]# cat /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target
[Service]
Type=forking
PIDFile=/var/run/samba.pid
ExecStart=/usr/sbin/samba
[Install]
WantedBy=multi-user.target
[root@dc ~]#

Samba 4目前不支持sysvol复制,这对于组GID映射是必需的,下面是解决方法:

需要占用idmap.ldb的备份并恢复。

DC1

安装包装。 

[root@samba4 ~]#yum install tdb-tools

热备份 

[root@samba4 ~]# tdbbackup -s .bak /var/lib/samba/private/idmap.ldb

将备份文件复制到DC2。 

[root@samba4 ~]# ls -l /var/lib/samba/private/idmap.ldb.bak
-rw-------. 1 root root 61440 Jun  3 09:52 /var/lib/samba/private/idmap.ldb.bak
[root@samba4 ~]# scp -r /var/lib/samba/private/idmap.ldb.bak root@dc.sunil.cc:/var/lib/samba/private/idmap.ldb

DC2

现在开始Samba服务。 

[root@dc ~]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[root@dc ~]# systemctl start samba

DC1

将resolv.conf文件更改为192.168.1.180。 

[root@samba4 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[root@samba4 ~]#

创建链接。 

[root@samba4 ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
[root@samba4 ~]# cat /etc/krb5.conf
[libdefaults]
        default_realm = SUNIL.CC
        dns_lookup_realm = false
        dns_lookup_kdc = true
[root@samba4 ~]#

现在检查Kerberos票。 

[root@samba4 ~]# kinit administrator@SUNIL.CC
Password for administrator@SUNIL.CC:
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[root@samba4 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SUNIL.CC

Valid starting       Expires              Service principal
06/03/2017 22:03:07  06/04/2017 08:03:07  krbtgt/SUNIL.CC@SUNIL.CC
        renew until 06/04/2017 22:03:03
[root@samba4 ~]#

现在我们的其他域控制器已准备好,让我们检查复制。

DC2 

[root@dc ~]# samba-tool drs showrepl
Default-First-Site-Name\DC
DSA Options: 0x00000001
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
DSA invocationId: e3f76609-f5f0-421d-99ad-38e1fba10b08

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9a2b9a9c-064d-4de1-8c38-20072735de1c
        Enabled        : TRUE
        Server DNS name : samba4.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[root@dc ~]#

DC1

运行相同的命令。 

[root@samba4 private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:48 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
                2 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
                2 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
        Enabled        : TRUE
        Server DNS name : dc.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[root@samba4 private]#

如果您看到此错误,那么复制有问题,我们将需要重新启动复制。 

[root@samba4 private]# samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
Replicate from dc.sunil.cc to samba4.sunil.cc was successful.
[root@samba4 private]#

现在复制应该可以正常工作。 

[root@samba4 private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
        Enabled        : TRUE
        Server DNS name : dc.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[root@samba4 private]#

现在测试是否在DC1和DC2之间复制对象。

我们将首先在DC2中创建一个测试用户,看看用户是否在DC1中看到。

DC2 

[root@dc ~]# samba-tool user create youcl
New Password:
Retype Password:
User 'youcl' created successfully
[root@dc ~]# samba-tool user list
Administrator
youcl
test_user1
test_user
krbtgt
Guest
[root@dc ~]#

现在从DC1检查相同。

DC1 

[root@samba4 ~]# samba-tool user list
Administrator
youcl
test_user1
test_user
krbtgt
Guest
[root@samba4 ~]#

现在来看看DNS复制。

我将使用我之前在Samba4域控制器安装源代码中使用的Windows 10客户机。

192.168.1.191远程管理Win 10。

将AD2服务器添加为辅助DNS。

测试DNS复制。

检查名称解析。 

[root@samba4 ~]# nslookup test.sunil.cc 192.168.1.170
Server:         192.168.1.170
Address:        192.168.1.170#53

Name:   test.sunil.cc
Address: 192.168.1.200

[root@samba4 ~]# nslookup test.sunil.cc 192.168.1.180
Server:         192.168.1.180
Address:        192.168.1.180#53

Name:   test.sunil.cc
Address: 192.168.1.200

[root@samba4 ~]#

这是DNS和复制在Samba 4中的工作原理。

赞(52) 打赏
未经允许不得转载:优客志 » 系统运维
分享到:
标签:

相关推荐

吐血推荐

推荐云主机,建站更安全

优客志推荐站长使用阿里云主机,安全可靠、轻松上云,从此告别主机无售后、主机各种难题。点击领取1000元代金券

热度排行

热门标签

Ubuntu (2170) Linux (1251) debian (936) centos (935) Security (686) Apache (652) Nginx (536) Desktop (533) MySQL (492) web-server (486) PHP (466) fedora (446) Linux Commands (383) virtualization (308) ispconfig (297) Ubuntu 16.04 (285) Storage (284) JAVA (279) monitoring (243) server (231) Open Source (210) suse (201) Control Panels (186) Email (182) python (182) shell (179) FTP (175) Postfix (174) Linux Tricks (149) Development (137)

Copyright © 2018 优客网 All Rights Reserved

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏