Differences
This shows the differences between two versions of the page.
| Next revision | Previous revision | ||
| linux:samba:samba_ad_dc_replication [2013/10/17 04:44] – created ともやん | linux:samba:samba_ad_dc_replication [2019/05/18 02:23] (current) – external edit, non-logged-in user | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Samba AD DCの冗長化 ====== | ====== Samba AD DCの冗長化 ====== | ||
| + | |||
| + | ===== プライベートリポジトリの設定 ===== | ||
| + | [[linux: | ||
| + | |||
| + | ===== パッケージインストール ===== | ||
| + | < | ||
| + | $ sudo yum install samba samba-dc samba-client bind-utils \ | ||
| + | tdb-tools psmisc krb5-workstation --enablerepo=mgc | ||
| + | </ | ||
| + | |||
| + | wbinfoを使えるように以下もインストールしておくとよい。 | ||
| + | < | ||
| + | $ sudo yum install samba-winbind-clients --enablerepo=mgc | ||
| + | </ | ||
| + | ===== Kerberosクライアントのデフォルト設定 ===== | ||
| + | |||
| + | ==== 設定ファイルのバックアップ ==== | ||
| + | < | ||
| + | $ sudo cp / | ||
| + | </ | ||
| + | |||
| + | ==== 設定ファイルの編集 ==== | ||
| + | < | ||
| + | $ sudo vi / | ||
| + | </ | ||
| + | <code autoconf> | ||
| + | [logging] | ||
| + |  | ||
| + | kdc = FILE:/ | ||
| + |  | ||
| + | |||
| + | [libdefaults] | ||
| + |  | ||
| + |  | ||
| + |  | ||
| + |  | ||
| + |  | ||
| + |  | ||
| + | rdns = false | ||
| + | |||
| + | [realms] | ||
| + | # EXAMPLE.COM = { | ||
| + | # kdc = kerberos.example.com | ||
| + | # admin_server = kerberos.example.com | ||
| + | # } | ||
| + |  | ||
| + | kdc = blue-dc.fireball.local | ||
| + | kdc = blue-dc1.fireball.local <- | ||
| + |  | ||
| + | |||
| + | [domain_realm] | ||
| + | # .example.com = EXAMPLE.COM | ||
| + | # example.com = EXAMPLE.COM | ||
| + |  | ||
| + |  | ||
| + | </ | ||
| + | |||
| + | ===== Kerberosの動作確認 ===== | ||
| + | < | ||
| + | $ kinit administrator | ||
| + | Password for administrator@FIREBALL.LOCAL: | ||
| + | Warning: Your password will expire in 41 days on 2013年11月20日 01時23分51秒 | ||
| + | </ | ||
| + | |||
| + | ===== DCとしてドメインへ参加 ===== | ||
| + | |||
| + | ==== 設定ファイルのバックアップ ==== | ||
| + | < | ||
| + | $ sudo mv / | ||
| + | </ | ||
| + | または | ||
| + | < | ||
| + | $ sudo rm / | ||
| + | </ | ||
| + | ※smb.confを移動 or 削除しないとsamba-toolでエラーが発生する。 | ||
| + | |||
| + | ==== DCのドメイン参加 ==== | ||
| + | < | ||
| + | $ sudo samba-tool domain join fireball.local DC -Uadministrator --realm=fireball.local | ||
| + | </ | ||
| + | < | ||
| + | Finding a writeable DC for domain ' | ||
| + | Found DC blue-dc.fireball.local | ||
| + | Password for [WORKGROUP\administrator]: | ||
| + | workgroup is FIREBALL | ||
| + | realm is fireball.local | ||
| + | checking sAMAccountName | ||
| + | Adding CN=BLUE-DC2, | ||
| + | Adding CN=BLUE-DC2, | ||
| + | Adding CN=NTDS Settings, | ||
| + | Adding SPNs to CN=BLUE-DC2, | ||
| + | Setting account password for BLUE-DC2$ | ||
| + | Enabling account | ||
| + | Calling bare provision | ||
| + | No IPv6 address will be assigned | ||
| + | Provision OK for domain DN DC=fireball, | ||
| + | Starting replication | ||
| + | Schema-DN[CN=Schema, | ||
| + | Schema-DN[CN=Schema, | ||
| + | Schema-DN[CN=Schema, | ||
| + | Schema-DN[CN=Schema, | ||
| + | Analyze and apply schema objects | ||
| + | Partition[CN=Configuration, | ||
| + | Partition[CN=Configuration, | ||
| + | Partition[CN=Configuration, | ||
| + | Partition[CN=Configuration, | ||
| + | Partition[CN=Configuration, | ||
| + | Replicating critical objects from the base DN of the domain | ||
| + | Partition[DC=fireball, | ||
| + | Partition[DC=fireball, | ||
| + | Done with always replicated NC (base, config, schema) | ||
| + | Replicating DC=DomainDnsZones, | ||
| + | Partition[DC=DomainDnsZones, | ||
| + | Replicating DC=ForestDnsZones, | ||
| + | Partition[DC=ForestDnsZones, | ||
| + | Partition[DC=ForestDnsZones, | ||
| + | Committing SAM database | ||
| + | Sending DsReplicateUpdateRefs for all the replicated partitions | ||
| + | Setting isSynchronized and dsServiceName | ||
| + | Setting up secrets database | ||
| + | Joined domain FIREBALL (SID S-1-5-21-4124656217-1713613446-3469194152) as a DC | ||
| + | </ | ||
| + | |||
| + | ==== 生成された設定ファイルの修正 ==== | ||
| + | < | ||
| + | $ cat / | ||
| + | </ | ||
| + | <code autoconf> | ||
| + | # Global parameters | ||
| + | [global] | ||
| + | workgroup = FIREBALL | ||
| + | realm = fireball.local | ||
| + | netbios name = BLUE-DC2 | ||
| + | server role = active directory domain controller | ||
| + | dns forwarder = 192.168.1.10 <- 最初に構築したDCのIPアドレスを追記 | ||
| + | idmap_ldb: | ||
| + | printing = bsd <- 追記 | ||
| + | |||
| + | [netlogon] | ||
| + | path = / | ||
| + | read only = No | ||
| + | |||
| + | [sysvol] | ||
| + | path = / | ||
| + | read only = No | ||
| + | </ | ||
| + | ===== サービス定義ファイルの作成 ===== | ||
| + | < | ||
| + | $ sudo vi / | ||
| + | </ | ||
| + | <code ini> | ||
| + | [Unit] | ||
| + | Description=Samba Active Directory Domain Controller Daemon | ||
| + | After=syslog.target network.target named.service | ||
| + | |||
| + | [Service] | ||
| + | Type=forking | ||
| + | PIDFile=/ | ||
| + | LimitNOFILE=16384 | ||
| + | EnvironmentFile=-/ | ||
| + | ExecStart=/ | ||
| + | ExecReload=/ | ||
| + | ExecStop=/ | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | </ | ||
| + | |||
| + | ===== サービス自動起動設定 ===== | ||
| + | < | ||
| + | $ sudo systemctl enable samba.service | ||
| + | </ | ||
| + | |||
| + | ===== サービス起動 ===== | ||
| + | < | ||
| + | $ sudo systemctl start samba.service | ||
| + | </ | ||
| + | |||
| + | ===== DC間のレプリケーション動作確認 ===== | ||
| + | < | ||
| + | $ sudo samba-tool drs showrepl | ||
| + | </ | ||
| + | < | ||
| + | Default-First-Site-Name\BLUE-DC2 | ||
| + | DSA Options: 0x00000001 | ||
| + | DSA object GUID: 7072208a-a934-4288-8df9-7f6140af0ee0 | ||
| + | DSA invocationId: | ||
| + | |||
| + | ==== INBOUND NEIGHBORS ==== | ||
| + | |||
| + | DC=DomainDnsZones, | ||
| + | Default-First-Site-Name\BLUE-DC via RPC | ||
| + | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
| + | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
| + | 0 consecutive failure(s). | ||
| + | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
| + | |||
| + | CN=Schema, | ||
| + | Default-First-Site-Name\BLUE-DC via RPC | ||
| + | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
| + | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
| + | 0 consecutive failure(s). | ||
| + | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
| + | |||
| + | DC=fireball, | ||
| + | Default-First-Site-Name\BLUE-DC via RPC | ||
| + | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
| + | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
| + | 0 consecutive failure(s). | ||
| + | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
| + | |||
| + | CN=Configuration, | ||
| + | Default-First-Site-Name\BLUE-DC via RPC | ||
| + | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
| + | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
| + | 0 consecutive failure(s). | ||
| + | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
| + | |||
| + | DC=ForestDnsZones, | ||
| + | Default-First-Site-Name\BLUE-DC via RPC | ||
| + | DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a | ||
| + | Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful | ||
| + | 0 consecutive failure(s). | ||
| + | Last success @ Thu Oct 17 06:49:58 2013 JST | ||
| + | |||
| + | ==== OUTBOUND NEIGHBORS ==== | ||
| + | |||
| + | ==== KCC CONNECTION OBJECTS ==== | ||
| + | |||
| + | Connection -- | ||
| + | Connection name: 4bd1dee9-545a-4ba1-ba73-0926e3fb22e7 | ||
| + | Enabled | ||
| + | Server DNS name : blue-dc.fireball.local | ||
| + | Server DN name  : CN=NTDS Settings, | ||
| + | CN=Default-First-Site-Name, | ||
| + | TransportType: | ||
| + | options: 0x00000001 | ||
| + | Warning: No NC replicated for Connection! | ||
| + | </ | ||
| + | |||
| + | ===== 参考文献 ===== | ||
| + | [[http:// | ||
| + | [[https:// | ||
| + | |||
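Review bot: the `dns forwarder = 192.168.1.10` line added to the generated smb.conf (annotated as the address of the first DC) makes BLUE-DC2 depend on BLUE-DC for every name it is not authoritative for, so if the first DC goes down the second keeps AD name resolution but loses all external resolution, which works against the redundancy this page sets out to build; point `dns forwarder` at an upstream resolver rather than at the other DC. The `samba-tool drs showrepl` output that follows lists only INBOUND NEIGHBORS, with OUTBOUND NEIGHBORS empty and "Warning: No NC replicated for Connection!", which is normal immediately after a join but only proves one replication direction; run the same command on blue-dc.fireball.local and confirm it shows BLUE-DC2 as an inbound neighbour before treating replication as verified. Finally, the inline `<-` markers on configuration lines (`kdc = blue-dc1.fireball.local <-`, `dns forwarder = ... <-`, `printing = bsd <-`) are editorial annotations inside `<code>` blocks and will be read as part of the value if copied verbatim; move them into prose or a comment line.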