
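Samba 4 Additional Domain Controller for Failover Replication on CentOS 7

In this tutorial, I will show you how to configure an additional domain controller, which is one of the key features of Samba 4. I will use the existing Samba 4 server from my previous tutorial as the primary domain controller. This setup provides a degree of load balancing and failover for the AD services (LDAP schema and DNS), and it is very simple to configure. We can also use this feature to scale the environment.

I will use the existing Samba 4 AD server and one new additional server.

Note: In my previous article I used 192.168.1.190 as the primary domain controller. Because of an IP address conflict in my lab environment, I have changed it to 192.168.1.180.

Servers

  • 192.168.1.180, samba4.sunil.cc – primary domain controller, CentOS 7 (AD1)
  • 192.168.1.170, dc.sunil.cc – secondary or additional domain controller, CentOS 7 (AD2)

In this tutorial, whenever I mention AD1 I mean the primary AD server, and AD2 means the secondary server; please refer to this link.

Configuring the primary domain controller

Please refer to this link:

Samba 4 with Active Directory on CentOS 7 rpm based installation with share support

Configuring the secondary domain controller

AD2

On the server 192.168.1.170, dc.sunil.cc (secondary or additional domain controller), do the following:

We will use CentOS 7 as the base, with SELinux enabled.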

[[email protected] ~]# yum -y update

SELinux is enabled.

[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[[email protected] ~]#

Add the entries to the hosts file:

Make sure that both the primary AD and the secondary AD are added in /etc/hosts.

AD1

[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180   samba4.sunil.cc         samba4
192.168.1.170   dc.sunil.cc     dc
[[email protected] ~]#

AD2

[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180   samba4.sunil.cc         samba4
192.168.1.170   dc.sunil.cc     dc
[[email protected] ~]#

Enable the EPEL repo.

[[email protected] ~]# yum install epel-release -y

Install the basic packages.

[[email protected] ~]# yum install vim wget authconfig krb5-workstation -y

Install the wing repo for the Samba 4 RPMs.

[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected] yum.repos.d]# wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
[[email protected] yum.repos.d]# sed -i '[email protected][email protected][email protected]' /etc/yum.repos.d/EL7.wing.repo
[[email protected] yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates wing wing-source
Cleaning up everything
Cleaning up list of fastest mirrors
[[email protected] yum.repos.d]#

Now install the Samba 4 packages.

[[email protected] yum.repos.d]# yum install -y samba45 samba45-winbind-clients samba45-winbind samba45-client \
samba45-dc samba45-pidl samba45-python samba45-winbind-krb5-locator perl-Parse-Yapp \
perl-Test-Base python2-crypto samba45-common-tools

Modify resolv.conf and make sure the nameserver points to the primary domain controller; here we use 192.168.1.180.

[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[[email protected] ~]#

Now we remove these files, because we will create them later.

[[email protected] ~]# rm -rf /etc/krb5.conf
[[email protected] ~]# rm -rf /etc/samba/smb.conf

Now add the following content to krb5.conf. Here our domain name is sunil.cc and the realm name is SUNIL.CC.

[[email protected] ~]# cat /etc/krb5.conf
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = SUNIL.CC
[[email protected] ~]#

Check whether we can get a Kerberos key from the samba4 server.

[[email protected] ~]# kinit [email protected].CC
Password for [email protected].CC:
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[[email protected] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected].CC

Valid starting       Expires              Service principal
06/03/2017 20:33:08  06/04/2017 06:33:08  krbtgt/SUNIL.[email protected].CC
        renew until 06/04/2017 20:33:04
[[email protected] ~]#

If you do not get the key, make sure the time is synchronized and check resolv.conf.

Now join the server to the existing domain.

[[email protected] yum.repos.d]# samba-tool domain join sunil.cc  DC -U"SUNIL\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'sunil.cc'
Found DC samba4.sunil.cc
Password for [SUNIL\administrator]:
workgroup is SUNIL
realm is sunil.cc
Adding CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Adding CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding SPNs to CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Setting account password for DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=sunil,DC=cc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=sunil,DC=cc] objects[402/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[804/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1206/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1608/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1614/1614] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=sunil,DC=cc] objects[97/97] linked_values[23/0]
Partition[DC=sunil,DC=cc] objects[360/263] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=sunil,DC=cc
Partition[DC=DomainDnsZones,DC=sunil,DC=cc] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=sunil,DC=cc
Partition[DC=ForestDnsZones,DC=sunil,DC=cc] objects[18/18] linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SUNIL (SID S-1-5-21-2550466525-3862778800-1252273829) as a DC
[[email protected] yum.repos.d]#

Add the firewall rules.

[[email protected] ~]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
[[email protected] ~]# firewall-cmd --reload

Now add a startup script, because the Samba 4 RPMs from wing do not ship one.

[[email protected] ~]# cat /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target
[Service]
Type=forking
PIDFile=/var/run/samba.pid
ExecStart=/usr/sbin/samba
[Install]
WantedBy=multi-user.target
[[email protected] ~]#

Samba 4 currently does not support sysvol replication, which is required for group GID mapping. The workaround is below:

We need to take a backup of idmap.ldb and restore it.

DC1

Install the package.

[[email protected] ~]# yum install tdb-tools

Take a hot backup.

[[email protected] ~]# tdbbackup -s .bak /var/lib/samba/private/idmap.ldb

Copy the backup file to DC2.

[[email protected] ~]# ls -l /var/lib/samba/private/idmap.ldb.bak
-rw-------. 1 root root 61440 Jun  3 09:52 /var/lib/samba/private/idmap.ldb.bak
[[email protected] ~]# scp -r /var/lib/samba/private/idmap.ldb.bak [email protected].sunil.cc:/var/lib/samba/private/idmap.ldb

DC2

Now start the Samba service.

[[email protected] ~]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[[email protected] ~]# systemctl start samba

DC1

Change the resolv.conf file to 192.168.1.180.

[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[[email protected] ~]#

Create the link.

[[email protected] ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
[[email protected] ~]# cat /etc/krb5.conf
[libdefaults]
        default_realm = SUNIL.CC
        dns_lookup_realm = false
        dns_lookup_kdc = true
[[email protected] ~]#

Now check the Kerberos ticket.

[[email protected] ~]# kinit [email protected].CC
Password for [email protected].CC:
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[[email protected] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected].CC

Valid starting       Expires              Service principal
06/03/2017 22:03:07  06/04/2017 08:03:07  krbtgt/SUNIL.[email protected].CC
        renew until 06/04/2017 22:03:03
[[email protected] ~]#

Now our additional domain controller is ready, so let's check the replication.

DC2

[[email protected] ~]# samba-tool drs showrepl
Default-First-Site-Name\DC
DSA Options: 0x00000001
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
DSA invocationId: e3f76609-f5f0-421d-99ad-38e1fba10b08

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST
DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST
DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST
CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9a2b9a9c-064d-4de1-8c38-20072735de1c
        Enabled        : TRUE
        Server DNS name : samba4.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[[email protected] ~]#

DC1

Run the same command.

[[email protected] private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:48 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)
DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
                2 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
                2 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
        Enabled        : TRUE
        Server DNS name : dc.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[[email protected] private]#

If you see this error, there is a problem with replication and we will need to restart the replication.

[[email protected] private]# samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
Replicate from dc.sunil.cc to samba4.sunil.cc was successful.
[[email protected] private]#

Now the replication should work fine.

[[email protected] private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST
DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST
CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST
CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
        Enabled        : TRUE
        Server DNS name : dc.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[[email protected] private]#
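
Added example (not part of the original tutorial): a shell function that reads `samba-tool drs showrepl` output in the layout shown above and lists only the neighbors whose last attempt failed or whose consecutive-failure count is non-zero, so the check can be run from cron or a monitoring job. The names `showrepl_failures` and `sample_showrepl` and the embedded sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list failing partners in `samba-tool drs showrepl` output.
# Reads showrepl text on stdin; prints one TAB-separated line per failing
# neighbor: direction, naming context, partner, failure count, result.
# Returns 1 if any neighbor is failing, else 0. "Last attempt @ NTTIME(0)"
# with 0 failures (no attempt recorded) is not reported.
showrepl_failures() {
  awk '
    /^==== .* ====$/ {                 # section banner
      section = ($2 == "INBOUND" || $2 == "OUTBOUND") ? $2 : ""
      next
    }
    section == "" { next }             # header and KCC block are ignored
    /^[^ \t]/ { nc = $0; next }        # unindented line: naming context
    / via RPC[ \t]*$/ {                # partner DC for this naming context
      partner = $0
      sub(/^[ \t]+/, "", partner)
      sub(/ via RPC[ \t]*$/, "", partner)
      result = "ok"
      next
    }
    /Last attempt @/ && /failed/ {     # "... failed, result 2 (WERR_BADFILE)"
      result = $0
      sub(/^.*failed, result /, "", result)
    }
    /consecutive failure\(s\)/ {
      if ($1 + 0 > 0 || result != "ok") {
        printf "%s\t%s\t%s\t%d\t%s\n", section, nc, partner, $1, result
        bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample in the layout shown on this page (GUID lines omitted).
sample_showrepl() { cat <<'EOF'
==== INBOUND NEIGHBORS ====
DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST
==== OUTBOUND NEIGHBORS ====
DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
        Enabled        : TRUE
EOF
}

# Stand-alone run on the sample; on a DC, pipe in `samba-tool drs showrepl`.
sample_showrepl | showrepl_failures || echo "replication failures found" >&2
```

On a domain controller, `samba-tool drs showrepl | showrepl_failures` produces no output and exits 0 once every inbound and outbound neighbor reports 0 consecutive failures.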

Now test whether objects are replicated between DC1 and DC2.

We will first create a test user on DC2 and see whether the user shows up on DC1.

DC2

[[email protected] ~]# samba-tool user create howtoing
New Password:
Retype Password:
User 'howtoing' created successfully
[[email protected] ~]# samba-tool user list
Administrator
howtoing
test_user1
test_user
krbtgt
Guest
[[email protected] ~]#

Now check the same from DC1.

DC1

[[email protected] ~]# samba-tool user list
Administrator
howtoing
test_user1
test_user
krbtgt
Guest
[[email protected] ~]#

Now let's look at DNS replication.

I will use the Windows 10 client that I used earlier in the Samba4 domain controller installation from source tutorial.

192.168.1.191 – remote management Win 10.

Add the AD2 server as the secondary DNS.

Add secondary DNS

Test the DNS replication.

Check the name resolution.

[[email protected] ~]# nslookup test.sunil.cc 192.168.1.170
Server:         192.168.1.170
Address:        192.168.1.170#53

Name:   test.sunil.cc
Address: 192.168.1.200

[[email protected] ~]# nslookup test.sunil.cc 192.168.1.180
Server:         192.168.1.180
Address:        192.168.1.180#53

Name:   test.sunil.cc
Address: 192.168.1.200

[[email protected] ~]#

This is how DNS and replication work in Samba 4.
