Samba 4 Additional Domain Controller for Failover Replication on CentOS 7
In this tutorial, I will show you how to configure an additional domain controller, which is one of the main features of Samba 4. I will use the existing Samba 4 server from my previous tutorial as the primary domain controller. This setup provides a degree of load balancing and failover for the AD services (LDAP schema and DNS), and it is really easy to configure. We can also use this feature to scale the environment.
I will use an existing Samba4 AD server and a new additional server.
Note: In my previous article I used 192.168.1.190 as the primary domain controller. Because of an IP address conflict in my lab environment, I have changed it to 192.168.1.180.
Servers
- 192.168.1.180, samba4.sunil.cc - Primary domain controller, CentOS 7, AD1
- 192.168.1.170, dc.sunil.cc - Secondary domain controller or additional domain controller, CentOS 7, AD2
In this tutorial, whenever I write AD1 it refers to the primary AD server and AD2 refers to the secondary server, so please refer to this mapping.
Configure the primary domain controller
Please refer to this link:
Samba 4 with Active Directory on CentOS 7 rpm based installation with share support
Configure the secondary domain controller
AD2
On the server 192.168.1.170, dc.sunil.cc (secondary domain controller or additional domain controller), do the following:
We will use CentOS 7 as the base; SELinux is enabled.
[ ~]# yum -y update
SELinux is enabled.
[ ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[ ~]#
Make an entry in the hosts file:
Make sure you add both the primary and the secondary AD to /etc/hosts here.
AD1
[ ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[ ~]#
AD2
[ ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[ ~]#
Enable the EPEL repo.
[ ~]# yum install epel-release -y
Install the base packages.
[ ~]# yum install vim wget authconfig krb5-workstation -y
Install the wing repository for the samba4 rpm.
[ ~]# cd /etc/yum.repos.d/
[ yum.repos.d]# wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
[' /etc/yum.repos.d/EL7.wing.repo
[ yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates wing wing-source
Cleaning up everything
Cleaning up list of fastest mirrors
[ yum.repos.d]#
Now install the samba4 packages.
[ yum.repos.d]# yum install -y samba45 samba45-winbind-clients samba45-winbind samba45-client \
samba45-dc samba45-pidl samba45-python samba45-winbind-krb5-locator perl-Parse-Yapp \
perl-Test-Base python2-crypto samba45-common-tools
Modify resolv.conf and make sure the nameserver points to the primary domain controller; here we use 192.168.1.180.
[r ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#
Now we remove these files, as we will create them later.
[ ~]# rm -rf /etc/krb5.conf
[ ~]# rm -rf /etc/samba/smb.conf
Now add the following content to krb5.conf. Here our domain name is sunil.cc and the realm name is SUNIL.CC.
[ ~]# cat /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = SUNIL.CC
[ ~]#
Check whether we are able to get a Kerberos key from the samba4 server.
[
Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal:
Valid starting Expires Service principal
06/03/2017 20:33:08 06/04/2017 06:33:08 krbtgt/
renew until 06/04/2017 20:33:04
[ ~]#
If you do not get the key, make sure the time is in sync and check resolv.conf.
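The resolv.conf and krb5.conf settings described above can be checked before the join is attempted. The following is an added example, not part of the original tutorial: the function names are hypothetical, the expected values (192.168.1.180, SUNIL.CC) are the tutorial's own, and the demo files are constructed.

```shell
# Added example (not from the tutorial): pre-join checks on AD2.
# Expected values are the tutorial's: primary DC 192.168.1.180, realm SUNIL.CC.

# First "nameserver" address in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Value of KEY in the [libdefaults] section of a krb5.conf-style file.
krb5_libdefault() {      # args: file key
    awk -v key="$2" '
    /^[ \t]*[#;]/ { next }                                   # comment line
    /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
    in_sec && (n = index($0, "=")) {
        k = substr($0, 1, n - 1); v = substr($0, n + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) { print v; exit }
    }' "$1"
}

# Prints one line per problem found; prints nothing when both files match.
prejoin_problems() {     # args: resolv.conf krb5.conf primary_dc_ip REALM
    ns=$(first_nameserver "$1")
    [ "$ns" = "$3" ] ||
        echo "resolv.conf: first nameserver is '$ns', expected $3"
    realm=$(krb5_libdefault "$2" default_realm)
    [ "$realm" = "$4" ] ||
        echo "krb5.conf: default_realm is '$realm', expected $4 (case matters)"
    kdc=$(krb5_libdefault "$2" dns_lookup_kdc)
    [ "$kdc" = "true" ] ||
        echo "krb5.conf: dns_lookup_kdc is '$kdc', expected true as in this tutorial"
    return 0
}

# Constructed demo: wrong resolver and a lower-case realm.
demo() {
    d=$(mktemp -d)
    printf 'search sunil.cc\nnameserver 192.168.1.1\n' > "$d/resolv.conf"
    printf '[libdefaults]\n dns_lookup_kdc = true\n default_realm = sunil.cc\n' > "$d/krb5.conf"
    prejoin_problems "$d/resolv.conf" "$d/krb5.conf" 192.168.1.180 SUNIL.CC
    rm -rf "$d"
}
demo
# On AD2: prejoin_problems /etc/resolv.conf /etc/krb5.conf 192.168.1.180 SUNIL.CC
```

The script reads only the two files; clock synchronisation with AD1 still has to be confirmed separately.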
Now join the server to the existing domain.
[ yum.repos.d]# samba-tool domain join sunil.cc DC -U"SUNIL\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'sunil.cc'
Found DC samba4.sunil.cc
Password for [SUNIL\administrator]:
workgroup is SUNIL
realm is sunil.cc
Adding CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Adding CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding SPNs to CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Setting account password for DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=sunil,DC=cc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=sunil,DC=cc] objects[402/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[804/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1206/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1608/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1614/1614] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=sunil,DC=cc] objects[97/97] linked_values[23/0]
Partition[DC=sunil,DC=cc] objects[360/263] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=sunil,DC=cc
Partition[DC=DomainDnsZones,DC=sunil,DC=cc] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=sunil,DC=cc
Partition[DC=ForestDnsZones,DC=sunil,DC=cc] objects[18/18] linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SUNIL (SID S-1-5-21-2550466525-3862778800-1252273829) as a DC
[ yum.repos.d]#
Add the firewall rules.
[ ~]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
[ ~]# firewall-cmd --reload
Now add the startup script, as the samba4 rpm from wing does not include one.
[ ~]# cat /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target
[Service]
Type=forking
PIDFile=/var/run/samba.pid
ExecStart=/usr/sbin/samba
[Install]
WantedBy=multi-user.target
[ ~]#
Samba 4 currently does not support sysvol replication. This is required for the GID mappings of groups; here is the workaround to fix it:
You have to back up idmap.ldb and restore it.
DC1
Install the package.
[ ~]# yum install tdb-tools
Take a hot backup.
[ ~]# tdbbackup -s .bak /var/lib/samba/private/idmap.ldb
Copy the backup file to DC2.
[ ~]# ls -l /var/lib/samba/private/idmap.ldb.bak
-rw-------. 1 root root 61440 Jun 3 09:52 /var/lib/samba/private/idmap.ldb.bak
[:/var/lib/samba/private/idmap.ldb
DC2
Now start the samba service.
[ ~]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[ ~]# systemctl start samba
DC1
Change the resolv.conf file to point it to 192.168.1.180.
[ ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#
Create a symlink.
[ ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
[ ~]# cat /etc/krb5.conf
[libdefaults]
default_realm = SUNIL.CC
dns_lookup_realm = false
dns_lookup_kdc = true
[ ~]#
Check the Kerberos ticket now.
[
Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal:
Valid starting Expires Service principal
06/03/2017 22:03:07 06/04/2017 08:03:07 krbtgt/
renew until 06/04/2017 22:03:03
[ ~]#
Now our additional domain controller is ready. Let's check the replication.
DC2
[ ~]# samba-tool drs showrepl
Default-First-Site-Name\DC
DSA Options: 0x00000001
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
DSA invocationId: e3f76609-f5f0-421d-99ad-38e1fba10b08
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 9a2b9a9c-064d-4de1-8c38-20072735de1c
Enabled : TRUE
Server DNS name : samba4.sunil.cc
Server DN name : CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[ ~]#
DC1
Run the same command.
[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:48 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
3 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
3 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
3 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
2 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
2 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
Enabled : TRUE
Server DNS name : dc.sunil.cc
Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#
If you see this error, there is a problem with replication, and we will need to restart the replication.
[ private]# samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
Replicate from dc.sunil.cc to samba4.sunil.cc was successful.
[ private]#
Now replication should work fine.
[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
Enabled : TRUE
Server DNS name : dc.sunil.cc
Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#
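The showrepl listings above are long, and a failing link is easy to miss among the healthy ones. This added example (not part of the original tutorial; the function names are hypothetical) prints only the links whose failure count is non-zero, using a constructed sample modelled on the failing DC1 output.

```shell
# Added example (not from the tutorial): list failing links in
# `samba-tool drs showrepl` output so a monitor can alert on them.

# Reads showrepl text on stdin and prints one line per failing link:
#   DIRECTION|naming context|partner DSA|consecutive failures|last error
showrepl_failures() {
    awk '
    { sub(/^[ \t]+/, "") }                  # real output is indented
    /^==== .* ====$/ {                      # section banner
        section = $0
        sub(/^==== /, "", section); sub(/ ====$/, "", section)
        sub(/ NEIGHBORS$/, "", section)
        next
    }
    (section == "INBOUND" || section == "OUTBOUND") && /^(DC|CN)=/ {
        nc = $0; err = ""; next             # start of a naming context
    }
    / via RPC$/ { peer = $0; sub(/ via RPC$/, "", peer); next }
    /^Last attempt @ .* failed, result / {
        err = "UNKNOWN"
        if (match($0, /\([A-Z][A-Z_0-9]*\)/))
            err = substr($0, RSTART + 1, RLENGTH - 2)
        next
    }
    /^[0-9]+ consecutive failure/ {
        if ($1 + 0 > 0) print section "|" nc "|" peer "|" $1 "|" err
    }'
}

# Exit status 0 when no link reports a failure, 1 otherwise.
showrepl_healthy() {
    [ -z "$(showrepl_failures)" ]
}

# Constructed sample, modelled on the failing DC1 output shown above.
sample_showrepl() {
    cat <<'EOF'
==== INBOUND NEIGHBORS ====
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
        3 consecutive failure(s).
==== KCC CONNECTION OBJECTS ====
EOF
}

# On a DC: samba-tool drs showrepl | showrepl_failures
sample_showrepl | showrepl_failures
```

Outbound entries that show NTTIME(0) with 0 failures have not been attempted yet and are not reported.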
Now test whether objects are replicated between DC1 and DC2.
First we will create a test user on DC2 and see whether the user shows up on DC1.
DC2
[ ~]# samba-tool user create howtoforge
New Password:
Retype Password:
User 'howtoforge' created successfully
[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#
Now check the same thing from DC1.
DC1
[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#
Let's check DNS replication now.
I will use the same Windows 10 client that I used in my previous tutorial on installing a Samba4 domain controller from source.
192.168.1.191 - Win 10 remote management.
I will add the AD2 server as the secondary DNS.
Testing DNS replication.
Check name resolution.
[ ~]# nslookup test.sunil.cc 192.168.1.170
Server: 192.168.1.170
Address: 192.168.1.170#53
Name: test.sunil.cc
Address: 192.168.1.200
[ ~]# nslookup test.sunil.cc 192.168.1.180
Server: 192.168.1.180
Address: 192.168.1.180#53
Name: test.sunil.cc
Address: 192.168.1.200
[ ~]#
This is how DNS and replication work in Samba 4.