Samba 4 Additional Domain Controller for Failover Replication on CentOS 7
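This tutorial shows how to configure an additional domain controller, one of the main features of Samba 4. The existing Samba 4 server from the previous tutorial serves as the primary domain controller. This setup provides load balancing and failover for the AD services (LDAP schema and DNS) and is really easy to configure. It can also be used to scale out the environment.
We will use the existing Samba 4 AD server and one new additional server.
Note: The previous article used 192.168.1.190 as the primary domain controller; because of an IP address conflict in the lab environment, this has been changed to 192.168.1.180.
Servers
- 192.168.1.180, samba4.sunil.cc - primary domain controller, CentOS 7, AD1
- 192.168.1.170, dc.sunil.cc - secondary domain controller or additional domain controller, CentOS 7, AD2
Wherever this guide says AD1 it means the primary AD server, and AD2 means the secondary server.
Configuring the Primary Domain Controller
Please refer to this link:
Samba 4 with Active Directory on CentOS 7 RPM-based installation with share support
Configuring the Secondary Domain Controller
AD2
Do the following on server 192.168.1.170, dc.sunil.cc (the secondary or additional domain controller).
CentOS 7 is used as the base, with SELinux enabled.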
[ ~]# yum -y update
SELinux is enabled.
[ ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[ ~]#
Create the entries in the hosts file.
Make sure that both the primary and the secondary AD are added to /etc/hosts.
AD1
[ ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[ ~]#
AD2
[ ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.180 samba4.sunil.cc samba4
192.168.1.170 dc.sunil.cc dc
[ ~]#
Enable the EPEL repository.
[ ~]# yum install epel-release -y
Install the base packages.
[ ~]# yum install vim wget authconfig krb5-workstation -y
Install the Wing repository for the Samba 4 RPMs.
[ ~]# cd /etc/yum.repos.d/
[ yum.repos.d]# wget http://wing-net.ddo.jp/wing/7/EL7.wing.repo
[' /etc/yum.repos.d/EL7.wing.repo
[ yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates wing wing-source
Cleaning up everything
Cleaning up list of fastest mirrors
[ yum.repos.d]#
Now install the Samba 4 packages.
[ yum.repos.d]# yum install -y samba45 samba45-winbind-clients samba45-winbind samba45-client \
    samba45-dc samba45-pidl samba45-python samba45-winbind-krb5-locator perl-Parse-Yapp \
    perl-Test-Base python2-crypto samba45-common-tools
Edit resolv.conf so that the nameserver points to the primary domain controller, here 192.168.1.180.
[ ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#
Now remove these files; they will be created again later.
[ ~]# rm -rf /etc/krb5.conf
[ ~]# rm -rf /etc/samba/smb.conf
Now add the following content to krb5.conf. Here the domain name is sunil.cc and the realm name is SUNIL.CC.
[ ~]# cat /etc/krb5.conf
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = SUNIL.CC
[ ~]#
Check that you can obtain a Kerberos key from the samba4 server.
[ Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal:
Valid starting       Expires              Service principal
06/03/2017 20:33:08  06/04/2017 06:33:08  krbtgt/
        renew until 06/04/2017 20:33:04
[ ~]#
If you do not get a key, make sure the time is synchronized and check resolv.conf.
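A pre-join check of the two client files configured above, as an added example that is not part of the original tutorial. The function names check_join_prereqs, krb5_value and write_samples are hypothetical, and the sample files are constructed from the values used in this guide.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Paths are arguments so the check
# can be run against copies of the files as well as the live ones under /etc.

# krb5_value FILE KEY: print the value of the first "KEY = value" line in FILE.
krb5_value() {
    awk -v key="$2" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        n = index(line, "=")
        if (n == 0) next
        k = substr(line, 1, n - 1); v = substr(line, n + 1)
        gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) { print v; exit }
    }' "$1"
}

# check_join_prereqs RESOLV_CONF KRB5_CONF PRIMARY_DC_IP REALM
# Prints one line per problem found; exit status is 0 only when there are none.
check_join_prereqs() {
    problems=0
    # Nameservers are tried in order, so the primary DC has to be the first one.
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    if [ "$first_ns" != "$3" ]; then
        echo "resolv.conf: first nameserver is ${first_ns:-missing}, expected $3"
        problems=$((problems + 1))
    fi
    # Realm names are case-sensitive; the tutorial uses the upper-case form.
    realm=$(krb5_value "$2" default_realm)
    if [ "$realm" != "$4" ]; then
        echo "krb5.conf: default_realm is ${realm:-missing}, expected $4"
        problems=$((problems + 1))
    fi
    # With dns_lookup_kdc = true the KDC is located through DNS, hence the check above.
    if [ "$(krb5_value "$2" dns_lookup_kdc)" != "true" ]; then
        echo "krb5.conf: dns_lookup_kdc is not true"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample files matching the tutorial's values, written to directory $1.
write_samples() {
    printf 'search sunil.cc\nnameserver 192.168.1.180\n' > "$1/resolv.conf"
    printf '[libdefaults]\n dns_lookup_realm = false\n dns_lookup_kdc = true\n default_realm = SUNIL.CC\n' > "$1/krb5.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_join_prereqs "$tmp/resolv.conf" "$tmp/krb5.conf" 192.168.1.180 SUNIL.CC && echo "prerequisites OK"
rm -rf "$tmp"
```

On the real server, pass /etc/resolv.conf and /etc/krb5.conf as the first two arguments; time synchronization still has to be checked separately.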
Now join the server to the existing domain.
[ yum.repos.d]# samba-tool domain join sunil.cc DC -U"SUNIL\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'sunil.cc'
Found DC samba4.sunil.cc
Password for [SUNIL\administrator]:
workgroup is SUNIL
realm is sunil.cc
Adding CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Adding CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
Adding SPNs to CN=DC,OU=Domain Controllers,DC=sunil,DC=cc
Setting account password for DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=sunil,DC=cc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=sunil,DC=cc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=sunil,DC=cc] objects[402/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[804/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1206/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1608/1614] linked_values[0/0]
Partition[CN=Configuration,DC=sunil,DC=cc] objects[1614/1614] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=sunil,DC=cc] objects[97/97] linked_values[23/0]
Partition[DC=sunil,DC=cc] objects[360/263] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=sunil,DC=cc
Partition[DC=DomainDnsZones,DC=sunil,DC=cc] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=sunil,DC=cc
Partition[DC=ForestDnsZones,DC=sunil,DC=cc] objects[18/18] linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SUNIL (SID S-1-5-21-2550466525-3862778800-1252273829) as a DC
[ yum.repos.d]#
Add the firewall rules.
[ ~]# firewall-cmd --add-port=53/tcp --permanent;firewall-cmd --add-port=53/udp --permanent;firewall-cmd --add-port=88/tcp --permanent;firewall-cmd --add-port=88/udp --permanent; \
firewall-cmd --add-port=135/tcp --permanent;firewall-cmd --add-port=137-138/udp --permanent;firewall-cmd --add-port=139/tcp --permanent; \
firewall-cmd --add-port=389/tcp --permanent;firewall-cmd --add-port=389/udp --permanent;firewall-cmd --add-port=445/tcp --permanent; \
firewall-cmd --add-port=464/tcp --permanent;firewall-cmd --add-port=464/udp --permanent;firewall-cmd --add-port=636/tcp --permanent; \
firewall-cmd --add-port=1024-3500/tcp --permanent;firewall-cmd --add-port=3268-3269/tcp --permanent
[ ~]# firewall-cmd --reload
Now add a startup script, because the Samba 4 RPMs from Wing do not include one.
[ ~]# cat /etc/systemd/system/samba.service
[Unit]
Description= Samba 4 Active Directory
After=syslog.target
After=network.target
[Service]
Type=forking
PIDFile=/var/run/samba.pid
ExecStart=/usr/sbin/samba
[Install]
WantedBy=multi-user.target
[ ~]#
Samba 4 does not currently support sysvol replication. It is needed for the group GID mapping. The workaround is as follows.
idmap.ldb has to be backed up and restored.
DC1
Install the package.
[ ~]# yum install tdb-tools
Take a hot backup.
[ ~]# tdbbackup -s .bak /var/lib/samba/private/idmap.ldb
Copy the backup file to DC2.
[ ~]# ls -l /var/lib/samba/private/idmap.ldb.bak
-rw-------. 1 root root 61440 Jun 3 09:52 /var/lib/samba/private/idmap.ldb.bak
[:/var/lib/samba/private/idmap.ldb
DC2
Now start the Samba service.
[ ~]# systemctl enable samba
Created symlink from /etc/systemd/system/multi-user.target.wants/samba.service to /etc/systemd/system/samba.service.
[ ~]# systemctl start samba
DC1
Change the resolv.conf file so that it points to 192.168.1.180.
[ ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sunil.cc
nameserver 192.168.1.180
[ ~]#
Create the link.
[ ~]# ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
[ ~]# cat /etc/krb5.conf
[libdefaults]
    default_realm = SUNIL.CC
    dns_lookup_realm = false
    dns_lookup_kdc = true
[ ~]#
Now check the Kerberos ticket.
[ Password for :
Warning: Your password will expire in 42 days on Sat 15 Jul 2017 10:54:19 PM CEST
[ ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal:
Valid starting       Expires              Service principal
06/03/2017 22:03:07  06/04/2017 08:03:07  krbtgt/
        renew until 06/04/2017 22:03:03
[ ~]#
The additional domain controller is now ready. Let's check replication.
DC2
[ ~]# samba-tool drs showrepl
Default-First-Site-Name\DC
DSA Options: 0x00000001
DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
DSA invocationId: e3f76609-f5f0-421d-99ad-38e1fba10b08
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST
DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ Sat Jun 3 22:37:24 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 22:37:24 2017 CEST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\SAMBA4 via RPC
        DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
    Connection name: 9a2b9a9c-064d-4de1-8c38-20072735de1c
    Enabled : TRUE
    Server DNS name : samba4.sunil.cc
    Server DN name : CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!
[ ~]#
DC1
Run the same command.
[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:48 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
        3 consecutive failure(s).
        Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
        3 consecutive failure(s).
        Last success @ NTTIME(0)
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:06 2017 CEST failed, result 2 (WERR_BADFILE)
        3 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
        2 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:57:02 2017 CEST failed, result 2 (WERR_BADFILE)
        2 consecutive failure(s).
        Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
    Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
    Enabled : TRUE
    Server DNS name : dc.sunil.cc
    Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#
If you see this error, there is a problem with replication and it has to be started again.
[ private]# samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
Replicate from dc.sunil.cc to samba4.sunil.cc was successful.
[ private]#
Replication should now work properly.
[ private]# samba-tool drs showrepl
Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: cc0b412e-3bdc-4af7-95e8-90145425d40d
DSA invocationId: 745838cd-21e5-4bea-aa28-400a21d59a83
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST
DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST
CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 10:42:04 2017 CEST was successful
        0 consecutive failure(s).
        Last success @ Sat Jun 3 10:42:04 2017 CEST
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
DC=DomainDnsZones,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
    Connection name: 9c5f7fe2-3cb7-4bb4-9f46-d2922a7a7ab4
    Enabled : TRUE
    Server DNS name : dc.sunil.cc
    Server DN name : CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunil,DC=cc
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!
[ private]#
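Reading the showrepl output by eye gets tedious once there are several naming contexts, so here is a small parser that reduces it to one row per neighbour and flags failures such as the WERR_BADFILE case above. This is an added example, not part of the original tutorial; the function names are hypothetical and the sample input is constructed and abridged from the failing DC1 output.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# showrepl_summary: read `samba-tool drs showrepl` text on stdin and print one
# "SECTION|NAMING-CONTEXT|PARTNER|STATUS" row per replication neighbour.
# STATUS is OK, NEVER (the attempt time is NTTIME(0), nothing recorded) or FAIL(<reason>).
showrepl_summary() {
    awk '
        /^==== / {
            section = $0
            sub(/^==== /, "", section); sub(/ ====[ \t]*$/, "", section)
            next
        }
        section == "" || section == "KCC CONNECTION OBJECTS" { next }
        /^[ \t]*(DC|CN)=/   { nc = $1; next }
        / via RPC[ \t]*$/   { partner = $1; next }
        /Last attempt @/ {
            if ($0 ~ /NTTIME\(0\)/)          status = "NEVER"
            else if ($0 ~ /was successful/)  status = "OK"
            else { status = $0; sub(/^.* failed, /, "", status); status = "FAIL(" status ")" }
            print section "|" nc "|" partner "|" status
        }'
}

# showrepl_check: print only the failing rows; exit status 1 if there are any, else 0.
showrepl_check() {
    showrepl_summary | awk 'index($0, "|FAIL(") { print; bad = 1 } END { exit (bad ? 1 : 0) }'
}

# Constructed sample, abridged from the failing DC1 output in this tutorial.
sample_failing() {
    cat <<'EOF'
Default-First-Site-Name\SAMBA4
==== INBOUND NEIGHBORS ====
DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ Sat Jun 3 09:53:49 2017 CEST failed, result 2 (WERR_BADFILE)
        1 consecutive failure(s).
        Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=sunil,DC=cc
    Default-First-Site-Name\DC via RPC
        DSA object GUID: 0b7607ae-0edc-4667-80f0-4c50bbdf742c
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
    Server DNS name : dc.sunil.cc
EOF
}

sample_failing | showrepl_summary
```

On a domain controller, pipe the live output into it with `samba-tool drs showrepl | showrepl_check`; the non-zero exit status makes it usable from cron or a monitoring agent.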
Now test whether objects are replicated between DC1 and DC2.
First create a test user on DC2 and check that the user shows up on DC1.
DC2
[ ~]# samba-tool user create howtoforge
New Password:
Retype Password:
User 'howtoforge' created successfully
[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#
Now check the same on DC1.
DC1
[ ~]# samba-tool user list
Administrator
howtoforge
test_user1
test_user
krbtgt
Guest
[ ~]#
Now let's check DNS replication.
We use the same Windows 10 client that was used in the previous tutorial, Samba 4 domain controller installation from source.
192.168.1.191 - remote management Win 10.
Add the AD2 server as the secondary DNS.
Test DNS replication.
Check name resolution.
[ ~]# nslookup test.sunil.cc 192.168.1.170
Server: 192.168.1.170
Address: 192.168.1.170#53
Name: test.sunil.cc
Address: 192.168.1.200
[ ~]# nslookup test.sunil.cc 192.168.1.180
Server: 192.168.1.180
Address: 192.168.1.180#53
Name: test.sunil.cc
Address: 192.168.1.200
[ ~]#
This is how DNS and replication work in Samba 4.