差分

このページの2つのバージョン間の差分を表示します。

--- linux:samba:samba_ad_dc_replication [2013/10/17 06:33] – [DCとしてドメインに参加] ともやん
+++ linux:samba:samba_ad_dc_replication [2019/05/18 02:23] (現在) – 外部編集非ログインユーザー
@@ 行 6: / 行 6: @@
 ===== パッケージインストール =====
 <code>
-$ sudo yum install samba samba-dc samba-client tdb-tools psmisc krb5-workstation --enablerepo=mgc
+$ sudo yum install samba samba-dc samba-client bind-utils \
+tdb-tools psmisc krb5-workstation --enablerepo=mgc
 </code>
+wbinfoを使えるように以下もインストールしておくとよい。
+<code>
+$ sudo yum install samba-winbind-clients --enablerepo=mgc
+</code>
 ===== Kerberosクライアントのデフォルト設定 =====
@@ 行 40: / 行 45: @@
 #  admin_server = kerberos.example.com
 # }
- FIREBALL.LOCAL = {            <-
+ FIREBALL.LOCAL = {             <-
-  kdc = blue-dc.fireball.local <- 追記
+  kdc = blue-dc.fireball.local  <- 追記
- }                             <-
+  kdc = blue-dc1.fireball.local <-
+ }                              <-
 [domain_realm]
@@ 行 73: / 行 79: @@
 <code>
 $ sudo samba-tool domain join fireball.local DC -Uadministrator --realm=fireball.local
+</code>
+<code>
 Finding a writeable DC for domain 'fireball.local'
 Found DC blue-dc.fireball.local
-Password for [WORKGROUP\administrator]:
+Password for [WORKGROUP\administrator]: <-パスワードを入力
 workgroup is FIREBALL
 realm is fireball.local
 checking sAMAccountName
-Adding CN=BLUE-NAS,OU=Domain Controllers,DC=fireball,DC=local
+Adding CN=BLUE-DC2,OU=Domain Controllers,DC=fireball,DC=local
-Adding CN=BLUE-NAS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
+Adding CN=BLUE-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
-Adding CN=NTDS Settings,CN=BLUE-NAS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
+Adding CN=NTDS Settings,CN=BLUE-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
-Adding SPNs to CN=BLUE-NAS,OU=Domain Controllers,DC=fireball,DC=local
+Adding SPNs to CN=BLUE-DC2,OU=Domain Controllers,DC=fireball,DC=local
-Setting account password for BLUE-NAS$
+Setting account password for BLUE-DC2$
 Enabling account
 Calling bare provision
@@ 行 114: / 行 122: @@
 Joined domain FIREBALL (SID S-1-5-21-4124656217-1713613446-3469194152) as a DC
 </code>
+==== 生成された設定ファイルの修正 ====
+<code>
+$ cat /etc/samba/smb.conf
+</code>
+<code autoconf>
+# Global parameters
+[global]
+        workgroup = FIREBALL
+        realm = fireball.local
+        netbios name = BLUE-DC2
+        server role = active directory domain controller
+        dns forwarder = 192.168.1.10 <- 最初に構築したDCのIPアドレスを追記
+        idmap_ldb:use rfc2307 = yes  <- 追記
+        printing = bsd               <- 追記
+[netlogon]
+        path = /var/lib/samba/sysvol/fireball.local/scripts
+        read only = No
+[sysvol]
+        path = /var/lib/samba/sysvol
+        read only = No
+</code>
+===== サービス定義ファイルの作成 =====
+<code>
+$ sudo vi /lib/systemd/system/samba.service
+</code>
+<code ini>
+[Unit]
+Description=Samba Active Directory Domain Controller Daemon
+After=syslog.target network.target named.service
+[Service]
+Type=forking
+PIDFile=/run/samba.pid
+LimitNOFILE=16384
+EnvironmentFile=-/etc/sysconfig/samba
+ExecStart=/usr/sbin/samba $SAMBAOPTIONS
+ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecStop=/usr/bin/killall samba
+[Install]
+WantedBy=multi-user.target
+</code>
+===== サービス自動起動設定 =====
+<code>
+$ sudo systemctl enable samba.service
+</code>
+===== サービス起動 =====
+<code>
+$ sudo systemctl start samba.service
+</code>
+===== DC間のレプリケーション動作確認 =====
+<code>
+$ sudo samba-tool drs showrepl
+</code>
+<code>
+Default-First-Site-Name\BLUE-DC2
+DSA Options: 0x00000001
+DSA object GUID: 7072208a-a934-4288-8df9-7f6140af0ee0
+DSA invocationId: 0cc44a03-f4b5-45e5-9355-d73c65ef8206
+==== INBOUND NEIGHBORS ====
+DC=DomainDnsZones,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+CN=Schema,CN=Configuration,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+CN=Configuration,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+DC=ForestDnsZones,DC=fireball,DC=local
+        Default-First-Site-Name\BLUE-DC via RPC
+                DSA object GUID: ea201fc1-7580-4e6f-b041-8ee42f472a9a
+                Last attempt @ Thu Oct 17 06:49:58 2013 JST was successful
+consecutive failure(s).
+                Last success @ Thu Oct 17 06:49:58 2013 JST
+==== OUTBOUND NEIGHBORS ====
+==== KCC CONNECTION OBJECTS ====
+Connection --
+        Connection name: 4bd1dee9-545a-4ba1-ba73-0926e3fb22e7
+        Enabled        : TRUE
+        Server DNS name : blue-dc.fireball.local
+        Server DN name  : CN=NTDS Settings,CN=BLUE-DC,CN=Servers,
+CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fireball,DC=local
+                TransportType: RPC
+                options: 0x00000001
+Warning: No NC replicated for Connection!
+</code>
 ===== 参考文献 =====
 [[http://www.unix-power.net/linux/samba4_secondary.html|CentOS6 Samba4でドメインコントローラを冗長化]]\\
 [[https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC|Samba4/HOWTO/Join a domain as a DC - SambaWiki]]\\