웹사이트 검색

CentOS 7의 페일오버 복제를 위한 Samba 4 추가 도메인 컨트롤러


이 페이지에서

  1. 기본 도메인 컨트롤러 구성
  2. 보조 도메인 컨트롤러 구성

이 튜토리얼에서는 SAMBA 4의 주요 기능 중 하나인 추가 도메인 컨트롤러를 구성하는 방법을 보여줍니다. 이전 튜토리얼에서 사용한 기존 Samba 4 서버를 기본 도메인 컨트롤러로 사용하겠습니다. 이 설정은 AD 서비스(Ldap 스키마 및 dns)에 대한 로드 밸런싱 및 장애 조치를 제공하며 구성이 정말 쉽습니다. 이 기능을 사용하여 환경을 확장할 수도 있습니다.

기존 Samba4 AD 서버와 새로운 추가 서버를 사용할 것입니다.

참고: 이전 기사에서는 랩 환경의 ipaddress 충돌로 인해 기본 도메인 컨트롤러로 192.168.1.190을 사용했으며 이를 192.168.1.180으로 변경했습니다.

서버

  • 192.168.1.180, samba4.sunil.cc - 기본 도메인 컨트롤러 Centos7 AD1
  • 192.168.1.170,dc.sunil.cc - 보조 도메인 컨트롤러 또는 추가 도메인 컨트롤러 Centos7 AD2

가이드에서 내가 AD1을 표시할 때마다 기본 AD 서버 및 AD2는 보조 서버를 의미하므로 이 링크를 참조하세요.

기본 도메인 컨트롤러 구성

이 링크를 참조하십시오

공유를 지원하는 CentOS 7 rpm 기반 설치에서 Active Directory가 포함된 Samba 4

보조 도메인 컨트롤러 구성

AD2

서버 192.168.1.170,dc.sunil.cc - (보조 도메인 컨트롤러 또는 추가 도메인 컨트롤러)에서 다음을 수행합니다.

Centos 7을 기본으로 사용하고 SELinux가 활성화됩니다.

[ ~]# yum -y update

Selinux가 활성화되었습니다.

[ ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[ ~]#

호스트 파일에 항목을 만듭니다.

/etc/hosts에 기본 AD와 보조 AD를 모두 추가하려면 여기를 확인하십시오.

AD1

[ ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180   samba4.sunil.cc         samba4
192.168.1.170   dc.sunil.cc     dc
[ ~]#

AD2

[ ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180   samba4.sunil.cc         samba4
192.168.1.170   dc.sunil.cc     dc
[ ~]#

epel 저장소를 활성화합니다.

[ ~]# yum install epel-release -y

기본 패키지를 설치합니다.

 [ ~]# yum install vim wget authconfig krb5-workstation -y
 

samba4 rpms용 윙 저장소를 설치합니다.

 [ ~]# cd /etc/yum.repos.d/
[ yum.repos.d]# wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
[' /etc/yum.repos.d/EL7.wing.repo
[ yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates wing wing-source
Cleaning up everything
Cleaning up list of fastest mirrors
[ yum.repos.d]#
 

이제 samba4 패키지를 설치합니다.

[ yum.repos.d]# yum install -y samba45 samba45-winbind-clients samba45-winbind samba45-client\
samba45-dc samba45-pidl samba45-python samba45-winbind-krb5-locator perl-Parse-Yapp\
perl-Test-Base python2-crypto samba45-common-tools

resolv.conf를 수정하고 네임서버가 기본 도메인 컨트롤러를 가리키도록 합니다. 여기서는 192.168.1.180을 사용합니다.

[r ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#

이제 이 파일을 제거합니다. 나중에 만들 것이기 때문입니다.

[ ~]# rm -rf /etc/krb5.conf
[ ~]# rm -rf /etc/samba/smb.conf

이제 krb5.conf에 아래 내용을 추가합니다. 여기서 도메인 이름은 sunil.cc이고 영역 이름은 SUNIL.CC입니다.

[ ~]# cat /etc/krb5.conf
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = SUNIL.CC
[ ~]#

samba4 서버에서 kerberos 키를 가져올 수 있는지 확인하십시오.

[
Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: 

Valid starting       Expires              Service principal
06/03/2017 20:33:08  06/04/2017 06:33:08  krbtgt/
        renew until 06/04/2017 20:33:04
[ ~]#

키를 받지 못한 경우 시간이 동기화되었는지 확인하고 resolv.conf를 확인하십시오.

이제 기존 도메인에 서버를 추가합니다.

[ yum.repos.d]# samba-tool domain join sunil.cc  DC -U"SUNIL\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'sunil.cc'
Found DC samba4.sunil.cc
Password for [SUNIL\administrator]:
workgroup is SUNIL
realm is sunil.cc
Adding CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Adding CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding SPNs to CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Setting account password for DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=sunil,DC=cc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=sunil,DC=cc] objects[402/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[804/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1206/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1608/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1614/1614] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=sunil,DC=cc] objects[97/97] linked_values[23/0]
Partition[DC=sunil,DC=cc] objects[360/263] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=sunil,DC=cc
Partition[DC=DomainDnsZones,DC=sunil,DC=cc] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=sunil,DC=cc
Partition[DC=ForestDnsZones,DC=sunil,DC=cc] objects[18/18] linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SUNIL (SID S-1-5-21-2550466525-3862778800-1252273829) as a DC
[ yum.repos.d]#

방화벽 규칙을 추가합니다.

[ ~]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
[ ~]# firewall-cmd --reload

이제 윙의 samba4 rpm에 시작 스크립트가 없기 때문에 시작 스크립트를 추가하십시오.

[ ~]# cat /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target
[Service]
Type=forking
PIDFile=/var/run/samba.pid
ExecStart=/usr/sbin/samba
[Install]
WantedBy=multi-user.target
[ ~]#

Samba 4는 현재 sysvol 복제를 지원하지 않습니다. 이것은 그룹 GID 매핑에 필요합니다. 해결 방법은 다음과 같습니다.

idmap.ldb를 백업하고 복원해야 합니다.

DC1

패키지를 설치합니다.

[ ~]#yum install tdb-tools

핫 백업을 수행합니다.

[ ~]# tdbbackup -s .bak /var/lib/samba/private/idmap.ldb

백업 파일을 DC2에 복사합니다.

[ ~]# ls -l /var/lib/samba/private/idmap.ldb.bak
-rw-------. 1 root root 61440 Jun  3 09:52 /var/lib/samba/private/idmap.ldb.bak
[:/var/lib/samba/private/idmap.ldb

DC2

이제 삼바 서비스를 시작합니다.

[ ~]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[ ~]# systemctl start samba

DC1

192.168.1.180을 가리키도록 resolv.conf 파일을 변경합니다.

[ ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#

링크 만들기.

[ ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
[ ~]# cat /etc/krb5.conf
[libdefaults]
        default_realm = SUNIL.CC
        dns_lookup_realm = false
        dns_lookup_kdc = true
[ ~]#

지금 Kerberos 티켓을 확인하고 있습니다.

[
Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: 

Valid starting       Expires              Service principal
06/03/2017 22:03:07  06/04/2017 08:03:07  krbtgt/
        renew until 06/04/2017 22:03:03
[ ~]#

이제 추가 도메인 컨트롤러가 준비되었습니다. 복제를 확인하겠습니다.

DC2

[ ~]# samba-tool drs showrepl
Default-First-Site-Name\DC
DSA Options: 0x00000001
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
DSA invocationId: e3f76609-f5f0-421d-99ad-38e1fba10b08

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ Sat Jun  3 22:37:24 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 22:37:24 2017 CEST

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\SAMBA4 via RPC
                DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9a2b9a9c-064d-4de1-8c38-20072735de1c
        Enabled        : TRUE
        Server DNS name : samba4.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[ ~]#

DC1

동일한 명령을 실행합니다.

[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:48 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
                1 consecutive failure(s).
                Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
                3 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
                2 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
                2 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
        Enabled        : TRUE
        Server DNS name : dc.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#

이 오류가 표시되면 복제에 문제가 있는 것이므로 복제를 다시 시작해야 합니다.

[ private]# samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
Replicate from dc.sunil.cc to samba4.sunil.cc was successful.
[ private]#

이제 복제가 제대로 작동해야 합니다.

[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ Sat Jun  3 10:42:04 2017 CEST was successful
                0 consecutive failure(s).
                Last success @ Sat Jun  3 10:42:04 2017 CEST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=sunil,DC=cc
        Default-First-Site-Name\DC via RPC
                DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
        Enabled        : TRUE
        Server DNS name : dc.sunil.cc
        Server DN name  : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#

이제 개체가 DC1과 DC2 간에 복제되는지 테스트합니다.

먼저 DC2에서 테스트 사용자를 생성하고 사용자가 DC1에 표시되는지 확인합니다.

DC2

[ ~]# samba-tool user create howtoforge
New Password:
Retype Password:
User 'howtoforge' created successfully
[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#

이제 DC1에서 동일한 것을 확인합니다.

DC1

[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#

이제 DNS 복제를 확인하겠습니다.

소스에서 이전 자습서 Samba4 도메인 컨트롤러 설치에서 사용한 것과 동일한 Windows 10 클라이언트를 사용합니다.

192.168.1.191 원격 관리 Win 10.

AD2 서버를 보조 DNS로 추가합니다.

DNS 복제를 테스트합니다.

이름 확인을 확인하십시오.

[ ~]# nslookup test.sunil.cc 192.168.1.170
Server:         192.168.1.170
Address:        192.168.1.170#53

Name:   test.sunil.cc
Address: 192.168.1.200

[ ~]# nslookup test.sunil.cc 192.168.1.180
Server:         192.168.1.180
Address:        192.168.1.180#53

Name:   test.sunil.cc
Address: 192.168.1.200

[ ~]#

이것이 Samba 4에서 DNS와 복제가 작동하는 방식입니다.