差分

このページの2つのバージョン間の差分を表示します。

--- linux:samba:samba_ad_dc_replication [2013/10/17 06:15] – [設定ファイルの編集] ともやん
+++ linux:samba:samba_ad_dc_replication [2019/05/18 02:23] (現在) – 外部編集非ログインユーザー
@@ 行 6: / 行 6: @@
 ===== パッケージインストール =====
 <code>
-$ sudo yum install samba samba-dc samba-client tdb-tools psmisc krb5-workstation --enablerepo=mgc
+$ sudo yum install samba samba-dc samba-client bind-utils \
+tdb-tools psmisc krb5-workstation --enablerepo=mgc
 </code>
+wbinfoを使えるように以下もインストールしておくとよい。
+<code>
+$ sudo yum install samba-winbind-clients --enablerepo=mgc
+</code>
 ===== Kerberosクライアントのデフォルト設定 =====
@@ 行 40: / 行 45: @@
 #  admin_server = kerberos.example.com
 # }
- FIREBALL.LOCAL = {            <-
+ FIREBALL.LOCAL = {             <-
-  kdc = blue-dc.fireball.local <- 追記
+  kdc = blue-dc.fireball.local  <- 追記
- }                             <-
+  kdc = blue-dc1.fireball.local <-
+ }                              <-
 [domain_realm]
@@ 行 57: / 行 63: @@
 Warning: Your password will expire in 41 days on 2013年11月20日 01時23分51秒
 </code>
+===== DCとしてドメインへ参加 =====
+==== 設定ファイルのバックアップ ====
+<code>
+$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org
+</code>
+または
+<code>
+$ sudo rm /etc/samba/smb.conf
+</code>
+※smb.confを移動 or 削除しないとsamba-toolでエラーが発生する。
+==== DCのドメイン参加 ====
+<code>
+$ sudo samba-tool domain join fireball.local DC -Uadministrator --realm=fireball.local
+</code>
+<code>
+Finding a writeable DC for domain 'fireball.local'
+Found DC blue-dc.fireball.local
+Password for [WORKGROUP\administrator]: <-パスワードを入力
+workgroup is FIREBALL
+realm is fireball.local
+checking sAMAccountName
+Adding CN=BLUE-DC2,OU=Domain Controllers,DC=fireball,DC=local
+Adding CN=BLUE-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
+Adding CN=NTDS Settings,CN=BLUE-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
+Adding SPNs to CN=BLUE-DC2,OU=Domain Controllers,DC=fireball,DC=local
+Setting account password for BLUE-DC2$
+Enabling account
+Calling bare provision
+No IPv6 address will be assigned
+Provision OK for domain DN DC=fireball,DC=local
+Starting replication
+Schema-DN[CN=Schema,CN=Configuration,DC=fireball,DC=local] objects[402/1550] linked_values[0/0]
+Schema-DN[CN=Schema,CN=Configuration,DC=fireball,DC=local] objects[804/1550] linked_values[0/0]
+Schema-DN[CN=Schema,CN=Configuration,DC=fireball,DC=local] objects[1206/1550] linked_values[0/0]
+Schema-DN[CN=Schema,CN=Configuration,DC=fireball,DC=local] objects[1550/1550] linked_values[0/0]
+Analyze and apply schema objects
+Partition[CN=Configuration,DC=fireball,DC=local] objects[402/1615] linked_values[0/0]
+Partition[CN=Configuration,DC=fireball,DC=local] objects[804/1615] linked_values[0/0]
+Partition[CN=Configuration,DC=fireball,DC=local] objects[1206/1615] linked_values[0/0]
+Partition[CN=Configuration,DC=fireball,DC=local] objects[1608/1615] linked_values[0/0]
+Partition[CN=Configuration,DC=fireball,DC=local] objects[1615/1615] linked_values[28/0]
+Replicating critical objects from the base DN of the domain
+Partition[DC=fireball,DC=local] objects[97/97] linked_values[28/0]
+Partition[DC=fireball,DC=local] objects[365/268] linked_values[28/0]
+Done with always replicated NC (base, config, schema)
+Replicating DC=DomainDnsZones,DC=fireball,DC=local
+Partition[DC=DomainDnsZones,DC=fireball,DC=local] objects[57/57] linked_values[0/0]
+Replicating DC=ForestDnsZones,DC=fireball,DC=local
+Partition[DC=ForestDnsZones,DC=fireball,DC=local] objects[18/18] linked_values[0/0]
+Partition[DC=ForestDnsZones,DC=fireball,DC=local] objects[36/18] linked_values[0/0]
+Committing SAM database
+Sending DsReplicateUpdateRefs for all the replicated partitions
+Setting isSynchronized and dsServiceName
+Setting up secrets database
+Joined domain FIREBALL (SID S-1-5-21-4124656217-1713613446-3469194152) as a DC
+</code>
+==== 生成された設定ファイルの修正 ====
+<code>
+$ cat /etc/samba/smb.conf
+</code>
+<code autoconf>
+# Global parameters
+[global]
+        workgroup = FIREBALL
+        realm = fireball.local
+        netbios name = BLUE-DC2
+        server role = active directory domain controller
+        dns forwarder = 192.168.1.10 <- 最初に構築したDCのIPアドレスを追記
+        idmap_ldb:use rfc2307 = yes  <- 追記
+        printing = bsd               <- 追記
+[netlogon]
+        path = /var/lib/samba/sysvol/fireball.local/scripts
+        read only = No
+[sysvol]
+        path = /var/lib/samba/sysvol
+        read only = No
+</code>
+===== サービス定義ファイルの作成 =====
+<code>
+$ sudo vi /lib/systemd/system/samba.service
+</code>
+<code ini>
+[Unit]
+Description=Samba Active Directory Domain Controller Daemon
+After=syslog.target network.target named.service
+[Service]
+Type=forking
+PIDFile=/run/samba.pid
+LimitNOFILE=16384
+EnvironmentFile=-/etc/sysconfig/samba
+ExecStart=/usr/sbin/samba $SAMBAOPTIONS
+ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecStop=/usr/bin/killall samba
+[Install]
+WantedBy=multi-user.target
+</code>
+===== サービス自動起動設定 =====
+<code>
+$ sudo systemctl enable samba.service
+</code>
+===== サービス起動 =====
+<code>
+$ sudo systemctl start samba.service
+</code>
+===== DC間のレプリケーション動作確認 =====
+<code>
+$ sudo samba-tool drs showrepl
+</code>
+<code>
+Default-First-Site-Name\BLUE-DC2
+DSA Options: 0x00000001
+DSA object GUID: 7072208a-a934-4288-8df9-7f6140af0ee0
+DSA invocationId: 0cc44a03-f4b5-45e5-9355-d73c65ef8206
+==== INBOUND NEIGHBORS ====
+DC=DomainDnsZones,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+CN=Schema,CN=Configuration,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+CN=Configuration,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+DC=ForestDnsZones,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+==== OUTBOUND NEIGHBORS ====
+==== KCC CONNECTION OBJECTS ====
+Connection --
+        Connection name: 4bd1dee9-545a-4ba1-ba73-0926e3fb22e7
+        Enabled        : TRUE
+        Server DNS name : blue-dc.fireball.local
+        Server DN name  : CN=NTDS Settings,CN=BLUE-DC,CN=Servers,
+CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
+                TransportType: RPC
+                options: 0x00000001
+Warning: No NC replicated for Connection!
+</code>
+===== 参考文献 =====
+[[http://www.unix-power.net/linux/samba4_secondary.html|CentOS6 Samba4でドメインコントローラを冗長化]]\\
+[[https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC|Samba4/HOWTO/Join a domain as a DC - SambaWiki]]\\