Samba 4 Additional Domain Controller for Failover Replication on CentOS 7
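In this tutorial, I will show you how to configure an additional domain controller, one of the main features of Samba 4. I will use the existing Samba 4 server from my previous tutorial as the primary domain controller. This setup provides a degree of load balancing and failover for the AD services (LDAP schema and DNS), and it is simple to configure. The same feature can also be used to scale the environment.
I will use the existing Samba 4 AD server and a new additional server.
Note: In my previous article I used 192.168.1.190 as the primary domain controller; because of an IP address conflict in my lab environment, I have changed it to 192.168.1.180.
Servers
- 192.168.1.180, samba4.sunil.cc - primary domain controller, CentOS 7, AD1
- 192.168.1.170, dc.sunil.cc - secondary (additional) domain controller, CentOS 7, AD2
In this tutorial, AD1 refers to the primary AD server and AD2 to the secondary server. The command sections below also label them DC1 and DC2.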
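Configure the Primary Domain Controller
Please refer to this link:
Samba 4 with Active Directory on CentOS 7 - rpm based installation with share support
Configure the Secondary Domain Controller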
AD2
Run the following on the server 192.168.1.170, dc.sunil.cc (the secondary or additional domain controller):
We will use CentOS 7 as the base, with SELinux enabled.
[ ~]# yum -y update
SELinux is enabled.
[ ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[ ~]#
Create entries in the hosts file:
Make sure that both the primary AD and the secondary AD are added to /etc/hosts on each server.
AD1
[ ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[ ~]#
AD2
[ ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[ ~]#
Enable the EPEL repository.
[ ~]# yum install epel-release -y
Install the basic packages.
[ ~]# yum install vim wget authconfig krb5-workstation -y
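Install the wing repo for the Samba 4 rpms. The repo file is fetched over plain HTTP, so review its contents (baseurl, gpgcheck, gpgkey) before installing packages from it.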
[ ~]# cd /etc/yum.repos.d/
[ yum.repos.d]# wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
[' /etc/yum.repos.d/EL7.wing.repo
[ yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates wing wing-source
Cleaning up everything
Cleaning up list of fastest mirrors
[ yum.repos.d]#
Now install the Samba 4 packages.
[ yum.repos.d]# yum install -y samba45 samba45-winbind-clients samba45-winbind samba45-client\
samba45-dc samba45-pidl samba45-python samba45-winbind-krb5-locator perl-Parse-Yapp\
perl-Test-Base python2-crypto samba45-common-tools
Modify resolv.conf so that the nameserver points to the primary domain controller; here we use 192.168.1.180.
[ ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#
Now remove these files, since we will create them later.
[ ~]# rm -rf /etc/krb5.conf
[ ~]# rm -rf /etc/samba/smb.conf
Now add the following content to krb5.conf; here our domain name is sunil.cc and the realm name is SUNIL.CC.
[ ~]# cat /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = SUNIL.CC
[ ~]#
Check whether we can obtain a Kerberos ticket from the Samba 4 server.
[
Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal:
Valid starting Expires Service principal
06/03/2017 20:33:08 06/04/2017 06:33:08 krbtgt/
renew until 06/04/2017 20:33:04
[ ~]#
If you do not get a ticket, make sure the time is synchronized and check resolv.conf.
Now join the server to the existing domain.
[ yum.repos.d]# samba-tool domain join sunil.cc DC -U"SUNIL\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'sunil.cc'
Found DC samba4.sunil.cc
Password for [SUNIL\administrator]:
workgroup is SUNIL
realm is sunil.cc
Adding CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Adding CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding SPNs to CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Setting account password for DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=sunil,DC=cc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=sunil,DC=cc] objects[402/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[804/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1206/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1608/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1614/1614] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=sunil,DC=cc] objects[97/97] linked_values[23/0]
Partition[DC=sunil,DC=cc] objects[360/263] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=sunil,DC=cc
Partition[DC=DomainDnsZones,DC=sunil,DC=cc] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=sunil,DC=cc
Partition[DC=ForestDnsZones,DC=sunil,DC=cc] objects[18/18] linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SUNIL (SID S-1-5-21-2550466525-3862778800-1252273829) as a DC
[ yum.repos.d]#
Add the firewall rules.
[ ~]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
[ ~]# firewall-cmd --reload
Now add a startup script (a systemd unit), because the Samba 4 rpms from wing do not ship one.
[ ~]# cat /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target
[Service]
Type=forking
PIDFile=/var/run/samba.pid
ExecStart=/usr/sbin/samba
[Install]
WantedBy=multi-user.target
[ ~]#
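Samba 4 currently does not support sysvol replication, which is required for the GID mapping of groups. Here is the workaround:
Take a backup of idmap.ldb and restore it on the other domain controller.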
DC1
Install the package.
[ ~]# yum install tdb-tools
Take a hot backup.
[ ~]# tdbbackup -s .bak /var/lib/samba/private/idmap.ldb
Copy the backup file to DC2.
[ ~]# ls -l /var/lib/samba/private/idmap.ldb.bak
-rw-------. 1 root root 61440 Jun 3 09:52 /var/lib/samba/private/idmap.ldb.bak
[:/var/lib/samba/private/idmap.ldb
DC2
Now start the Samba service.
[ ~]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[ ~]# systemctl start samba
DC1
Change the resolv.conf file to point to 192.168.1.180.
[ ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#
Create the link.
[ ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
[ ~]# cat /etc/krb5.conf
[libdefaults]
default_realm = SUNIL.CC
dns_lookup_realm = false
dns_lookup_kdc = true
[ ~]#
Now check the Kerberos ticket.
[
Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal:
Valid starting Expires Service principal
06/03/2017 22:03:07 06/04/2017 08:03:07 krbtgt/
renew until 06/04/2017 22:03:03
[ ~]#
Our additional domain controller is now ready; let us check replication.
DC2
[ ~]# samba-tool drs showrepl
Default-First-Site-Name\DC
DSA Options: 0x00000001
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
DSA invocationId: e3f76609-f5f0-421d-99ad-38e1fba10b08
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 22:37:24 2017 CEST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\SAMBA4 via RPC
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 9a2b9a9c-064d-4de1-8c38-20072735de1c
Enabled : TRUE
Server DNS name : samba4.sunil.cc
Server DN name : CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[ ~]#
DC1
Run the same command.
[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:48 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
1 consecutive failure(s).
Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
3 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
3 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
3 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
2 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
2 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
Enabled : TRUE
Server DNS name : dc.sunil.cc
Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#
If you see this error, there is a problem with replication and we need to start the replication again.
[ private]# samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
Replicate from dc.sunil.cc to samba4.sunil.cc was successful.
[ private]#
Replication should now work correctly.
[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 3 10:42:04 2017 CEST
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
Default-First-Site-Name\DC via RPC
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
Enabled : TRUE
Server DNS name : dc.sunil.cc
Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#
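The showrepl output above is checked by eye. The following added example (not part of the original tutorial) parses samba-tool drs showrepl output and lists only the links whose last attempt failed; the function names and the abbreviated sample are constructed for illustration, and the parser assumes the line layout shown in the outputs above.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Lists replication links whose last attempt failed, one per line:
#   section|partition|neighbour|error|consecutive failures
# Real use: samba-tool drs showrepl | showrepl_failures
showrepl_failures() {
    awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # real output is indented
    /^==== / { section = $2; next }                # INBOUND, OUTBOUND or KCC
    section != "INBOUND" && section != "OUTBOUND" { next }
    /^(CN|DC)=/ { partition = $0; next }           # naming context DN
    / via RPC$/ { neighbour = $1; next }           # Site\SERVER via RPC
    /^Last attempt @ / {
        err = ""
        if ($0 ~ / failed, result /) {             # e.g. result 2 (WERR_BADFILE)
            err = $0
            sub(/^.*\(/, "", err)
            sub(/\).*$/, "", err)
        }
        next
    }
    /consecutive failure\(s\)\.$/ {
        # "Last attempt @ NTTIME(0) was successful" with 0 failures means no
        # attempt has been recorded yet; it is not reported as a failure.
        if (err != "" || $1 + 0 > 0)
            print section "|" partition "|" neighbour "|" (err == "" ? "unknown" : err) "|" $1
    }'
}

# Exit status 0 when no link is failing, 1 otherwise (for cron or monitoring).
showrepl_healthy() {
    [ -z "$(showrepl_failures)" ]
}

# Constructed sample, abbreviated from the DC1 output shown above.
sample_failing() {
cat <<'EOF'
Default-First-Site-Name\SAMBA4
==== INBOUND NEIGHBORS ====
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
EOF
}
sample_failing | showrepl_failures
# -> INBOUND|DC=sunil,DC=cc|Default-First-Site-Name\DC|WERR_BADFILE|1
```

Run it on both domain controllers, since in the outputs above the failures appeared only on DC1.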
Now test whether objects replicate between DC1 and DC2.
First we create a test user on DC2 and check whether that user is visible on DC1.
DC2
[ ~]# samba-tool user create howtoforge
New Password:
Retype Password:
User 'howtoforge' created successfully
[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#
Now check the same from DC1.
DC1
[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#
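Now let us check DNS replication.
I will use the same Windows 10 client that I used in my previous tutorial on installing a Samba 4 domain controller from source.
192.168.1.191 - Windows 10 remote management client.
I will add the AD2 server as a secondary DNS server.
Test DNS replication.
Check name resolution.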
[ ~]# nslookup test.sunil.cc 192.168.1.170
Server: 192.168.1.170
Address: 192.168.1.170#53
Name: test.sunil.cc
Address: 192.168.1.200
[ ~]# nslookup test.sunil.cc 192.168.1.180
Server: 192.168.1.180
Address: 192.168.1.180#53
Name: test.sunil.cc
Address: 192.168.1.200
[ ~]#
This is how DNS and replication work in Samba 4.