Differences
This shows you the differences between two versions of the page.
linux:samba:samba_ad_dc_replication [2013/10/17 06:12] – [Package installation] ともやん | linux:samba:samba_ad_dc_replication [2013/11/20 16:17] – [Package installation] ともやん | ||
行 6: | 行 6: | ||
===== パッケージインストール ===== | ===== パッケージインストール ===== | ||
< | < | ||
- | $ sudo yum install samba samba-dc samba-client tdb-tools psmisc krb5-workstation --enablerepo=mgc | + | $ sudo yum install samba samba-dc samba-client |
+ | tdb-tools psmisc krb5-workstation --enablerepo=mgc | ||
</ | </ | ||
+ | wbinfoを使えるように以下もインストールしておくとよい。 | ||
+ | < | ||
+ | $ sudo yum install samba-winbind-clients --enablerepo=mgc | ||
+ | </ | ||
===== Kerberosクライアントのデフォルト設定 ===== | ===== Kerberosクライアントのデフォルト設定 ===== | ||
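Review bot: the wrapped `yum install` command in the new version (`$ sudo yum install samba samba-dc samba-client` followed by `tdb-tools psmisc krb5-workstation --enablerepo=mgc`) has no line-continuation backslash, so a reader copying it runs the first line as one command and then a non-existent `tdb-tools` command; end the first line with a trailing `\` or keep the original single-line form. Also, every package here, including the new `samba-winbind-clients`, comes from the non-default `mgc` repository enabled per command; one sentence on where that repository comes from and that it is GPG-signed (`gpgcheck=1` in its repo file) would let a reader judge the supply chain of the domain controller packages before installing them.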
行 40: | 行 45: | ||
# admin_server = kerberos.example.com | # admin_server = kerberos.example.com | ||
# } | # } | ||
- | | + | |
- | kdc = blue-dc.fireball.local <- 追記 | + | kdc = blue-dc.fireball.local |
- | | + | kdc = blue-dc1.fireball.local <- |
+ | | ||
[domain_realm] | [domain_realm] | ||
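Review bot: the added `kdc` line names `blue-dc1.fireball.local`, but the DC joined in this same revision is `BLUE-DC2` (`netbios name = BLUE-DC2`), so the second entry most likely should read `kdc = blue-dc2.fireball.local`; if no host named blue-dc1 exists, clients that fail over from `blue-dc.fireball.local` are left without a working KDC. The `<-` annotation on that line has also lost its text (the old line read `<- 追記`), so the note explaining the addition should be restored. Listing both DCs is the right change: with a single `kdc` entry, `kinit` fails whenever the first DC is down.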
行 50: | 行 56: | ||
| | ||
</ | </ | ||
+ | |||
+ | ===== Kerberosの動作確認 ===== | ||
+ | < | ||
+ | $ kinit administrator | ||
+ | Password for administrator@FIREBALL.LOCAL: | ||
+ | Warning: Your password will expire in 41 days on 2013年11月20日 01時23分51秒 | ||
+ | </ | ||
+ | |||
+ | ===== DCとしてドメインへ参加 ===== | ||
+ | |||
+ | ==== 設定ファイルのバックアップ ==== | ||
+ | < | ||
+ | $ sudo mv / | ||
+ | </ | ||
+ | または | ||
+ | < | ||
+ | $ sudo rm / | ||
+ | </ | ||
+ | ※smb.confを移動 or 削除しないとsamba-toolでエラーが発生する。 | ||
+ | |||
+ | ==== DCのドメイン参加 ==== | ||
+ | < | ||
+ | $ sudo samba-tool domain join fireball.local DC -Uadministrator --realm=fireball.local | ||
+ | Finding a writeable DC for domain ' | ||
+ | Found DC blue-dc.fireball.local | ||
+ | Password for [WORKGROUP\administrator]: | ||
+ | workgroup is FIREBALL | ||
+ | realm is fireball.local | ||
+ | checking sAMAccountName | ||
+ | Adding CN=BLUE-DC2, | ||
+ | Adding CN=BLUE-DC2, | ||
+ | Adding CN=NTDS Settings, | ||
+ | Adding SPNs to CN=BLUE-DC2, | ||
+ | Setting account password for BLUE-DC2$ | ||
+ | Enabling account | ||
+ | Calling bare provision | ||
+ | No IPv6 address will be assigned | ||
+ | Provision OK for domain DN DC=fireball, | ||
+ | Starting replication | ||
+ | Schema-DN[CN=Schema, | ||
+ | Schema-DN[CN=Schema, | ||
+ | Schema-DN[CN=Schema, | ||
+ | Schema-DN[CN=Schema, | ||
+ | Analyze and apply schema objects | ||
+ | Partition[CN=Configuration, | ||
+ | Partition[CN=Configuration, | ||
+ | Partition[CN=Configuration, | ||
+ | Partition[CN=Configuration, | ||
+ | Partition[CN=Configuration, | ||
+ | Replicating critical objects from the base DN of the domain | ||
+ | Partition[DC=fireball, | ||
+ | Partition[DC=fireball, | ||
+ | Done with always replicated NC (base, config, schema) | ||
+ | Replicating DC=DomainDnsZones, | ||
+ | Partition[DC=DomainDnsZones, | ||
+ | Replicating DC=ForestDnsZones, | ||
+ | Partition[DC=ForestDnsZones, | ||
+ | Partition[DC=ForestDnsZones, | ||
+ | Committing SAM database | ||
+ | Sending DsReplicateUpdateRefs for all the replicated partitions | ||
+ | Setting isSynchronized and dsServiceName | ||
+ | Setting up secrets database | ||
+ | Joined domain FIREBALL (SID S-1-5-21-4124656217-1713613446-3469194152) as a DC | ||
+ | </ | ||
+ | |||
+ | ==== 生成された設定ファイルの修正 ==== | ||
+ | < | ||
+ | $ cat / | ||
+ | </ | ||
+ | <code autoconf> | ||
+ | # Global parameters | ||
+ | [global] | ||
+ | workgroup = FIREBALL | ||
+ | realm = fireball.local | ||
+ | netbios name = BLUE-DC2 | ||
+ | server role = active directory domain controller | ||
+ | dns forwarder = 192.168.1.10 <- 最初に構築したDCのIPアドレスを追記 | ||
+ | idmap_ldb: | ||
+ | printing = bsd <- 追記 | ||
+ | |||
+ | [netlogon] | ||
+ | path = / | ||
+ | read only = No | ||
+ | |||
+ | [sysvol] | ||
+ | path = / | ||
+ | read only = No | ||
+ | </ | ||
+ | ===== サービス定義ファイルの作成 ===== | ||
+ | < | ||
+ | $ sudo vi / | ||
+ | </ | ||
+ | <code ini> | ||
+ | [Unit] | ||
+ | Description=Samba Active Directory Domain Controller Daemon | ||
+ | After=syslog.target network.target named.service | ||
+ | |||
+ | [Service] | ||
+ | Type=forking | ||
+ | PIDFile=/ | ||
+ | LimitNOFILE=16384 | ||
+ | EnvironmentFile=-/ | ||
+ | ExecStart=/ | ||
+ | ExecReload=/ | ||
+ | ExecStop=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </ | ||
+ | |||
+ | ===== サービス自動起動設定 ===== | ||
+ | < | ||
+ | $ sudo systemctl enable samba.service | ||
+ | </ | ||
+ | |||
+ | ===== サービス起動 ===== | ||
+ | < | ||
+ | $ sudo systemctl start samba.service | ||
+ | </ | ||
+ | |||
+ | ===== DC間のレプリケーション動作確認 ===== | ||
+ | < | ||
+ | $ sudo samba-tool drs showrepl | ||
+ | </ | ||
+ | < | ||
+ | Default-First-Site-Name\BLUE-DC2 | ||
+ | DSA Options: 0x00000001 | ||
+ | DSA object GUID: 7072208a-a934-4288-8df9-7f6140af0ee0 | ||
+ | DSA invocationId: | ||
+ | |||
+ | ==== INBOUND NEIGHBORS ==== | ||
+ | |||
+ | DC=DomainDnsZones, | ||
+ | Default-First-Site-Name\BLUE-DC via RPC | ||
+ | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
+ | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
+ | 0 consecutive failure(s). | ||
+ | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
+ | |||
+ | CN=Schema, | ||
+ | Default-First-Site-Name\BLUE-DC via RPC | ||
+ | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
+ | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
+ | 0 consecutive failure(s). | ||
+ | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
+ | |||
+ | DC=fireball, | ||
+ | Default-First-Site-Name\BLUE-DC via RPC | ||
+ | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
+ | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
+ | 0 consecutive failure(s). | ||
+ | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
+ | |||
+ | CN=Configuration, | ||
+ | Default-First-Site-Name\BLUE-DC via RPC | ||
+ | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
+ | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
+ | 0 consecutive failure(s). | ||
+ | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
+ | |||
+ | DC=ForestDnsZones, | ||
+ | Default-First-Site-Name\BLUE-DC via RPC | ||
+ | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
+ | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
+ | 0 consecutive failure(s). | ||
+ | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
+ | |||
+ | ==== OUTBOUND NEIGHBORS ==== | ||
+ | |||
+ | ==== KCC CONNECTION OBJECTS ==== | ||
+ | |||
+ | Connection -- | ||
+ | Connection name: 4bd1dee9-545a-4ba1-ba73-0926e3fb22e7 | ||
+ | Enabled | ||
+ | Server DNS name : blue-dc.fireball.local | ||
+ | Server DN name : CN=NTDS Settings, | ||
+ | CN=Default-First-Site-Name, | ||
+ | TransportType: | ||
+ | options: 0x00000001 | ||
+ | Warning: No NC replicated for Connection! | ||
+ | </ | ||
+ | |||
+ | ===== 参考文献 ===== | ||
+ | [[http:// | ||
+ | [[https:// | ||
+ |
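Review bot: in the edited smb.conf, `dns forwarder = 192.168.1.10` (annotated as the first DC's address) points the second DC's forwarder at the first DC. The AD zones do not need forwarding, since `DC=DomainDnsZones` and `DC=ForestDnsZones` are replicated to BLUE-DC2 as the `showrepl` output shows; the forwarder is only consulted for names outside the domain, so it should point at an upstream resolver, otherwise external lookups from BLUE-DC2 fail whenever BLUE-DC is down, and if BLUE-DC's own forwarder is ever pointed at BLUE-DC2 the two DCs forward to each other in a loop. Two smaller points: `sudo rm` of the existing smb.conf is offered as an alternative to `mv`; keep only the `mv` variant so the pre-join configuration can be restored if the join fails. And the verification step only shows BLUE-DC2's `INBOUND NEIGHBORS`, while `OUTBOUND NEIGHBORS` is empty and the KCC section ends with `Warning: No NC replicated for Connection!`; the same `samba-tool drs showrepl` should also be run on BLUE-DC to confirm it pulls from BLUE-DC2, and a test change made on each DC should be checked on the other, otherwise replication is only confirmed in one direction.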