\u7b2c\u4e00\u6b65\uff1a\u4e3a\u8bbe\u7f6e Samba4 \u8fdb\u884c\u521d\u59cb\u5316\u914d\u7f6e<\/strong><\/div>\n
\u5728\u5f00\u59cb\u628a\u7b2c\u4e8c\u4e2a DC \u670d\u52a1\u5668\u52a0\u5165\u5230 Samba4 AD DC \u57df\u73af\u5883\u4e4b\u524d\uff0c\u4f60\u9700\u8981\u6ce8\u610f\u4e00\u4e9b\u521d\u59cb\u5316\u8bbe\u7f6e\u4fe1\u606f\uff0c\u9996\u5148\uff0c\u786e\u4fdd\u8fd9\u4e2a\u65b0\u7cfb\u7edf\u7684\u4e3b\u673a\u540d\u5305\u542b\u63cf\u8ff0\u6027\u540d\u79f0\u3002<\/p>\n
\u5047\u8bbe\u7b2c\u4e00\u4e2a\u57df\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\u53eb\u505a adc1 \uff0c\u4f60\u53ef\u4ee5\u628a\u7b2c\u4e8c\u4e2a\u57df\u670d\u52a1\u5668\u547d\u540d\u4e3a adc2\uff0c\u4ee5\u4fdd\u6301\u57df\u63a7\u5236\u5668\u540d\u79f0\u7684\u4e00\u81f4\u6027\u3002<\/p>\n
\u6267\u884c\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4fee\u6539\u7cfb\u7edf\u4e3b\u673a\u540d\uff1a<\/p>\n
#\u00a0hostnamectl\u00a0set-hostname\u00a0adc2<\/pre>\n
\u6216\u8005\u4f60\u4e5f\u53ef\u4ee5\u624b\u52a8\u7f16\u8f91 \/etc\/hostname \u6587\u4ef6\uff0c\u5728\u65b0\u7684\u4e00\u884c\u8f93\u5165\u4f60\u60f3\u8bbe\u7f6e\u7684\u4e3b\u673a\u540d\u3002<\/p>\n
#\u00a0nano\u00a0\/etc\/hostname<\/pre>\n
\u8fd9\u91cc\u6dfb\u52a0\u4e3b\u673a\u540d\u3002<\/p>\n
adc2<\/pre>\n
\u4e0b\u4e00\u6b65\uff0c\u6253\u5f00\u672c\u5730\u7cfb\u7edf\u89e3\u6790\u6587\u4ef6\u5e76\u6dfb\u52a0\u4e00\u4e2a\u6761\u76ee\uff0c\u5305\u542b\u4e3b\u57df\u63a7\u5236\u5668\u7684 IP \u5730\u5740\u548c FQDN \u540d\u79f0\u3002\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u5728\u8fd9\u7bc7\u6559\u7a0b\u4e2d\uff0c\u4e3b\u57df\u63a7\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\u4e3a adc1.tecmint.lan \uff0c\u5176\u5bf9\u5e94\u7684 IP \u5730\u5740\u4e3a 192.168.1.254 \u3002<\/p>\n
#\u00a0nano\u00a0\/etc\/hosts<\/pre>\n
\u6dfb\u52a0\u5982\u4e0b\u884c\uff1a<\/p>\n
IP_of_main_DC\u00a0FQDN_of_main_DC\u00a0short_name_of_main_DC<\/pre>\n
$\"\"$ <\/p>\n
\u4e3a Samba4 AD DC \u670d\u52a1\u5668\u8bbe\u7f6e\u4e3b\u673a\u540d<\/p>\n
\u4e0b\u4e00\u6b65\uff0c\u6253\u5f00 \/etc\/network\/interfaces \u914d\u7f6e\u6587\u4ef6\u5e76\u8bbe\u7f6e\u4e00\u4e2a\u9759\u6001 IP \u5730\u5740\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u6ce8\u610f dns-nameservers \u548c dns-search \u8fd9\u4e24\u4e2a\u53c2\u6570\u7684\u503c\u3002\u4e3a\u4e86\u4f7f DNS \u89e3\u6790\u6b63\u5e38\u5de5\u4f5c\uff0c\u9700\u8981\u628a\u8fd9\u4e24\u4e2a\u503c\u8bbe\u7f6e\u6210\u4e3b Samba4 AD DC \u670d\u52a1\u5668\u7684 IP \u5730\u5740\u548c\u57df\u540d\u3002<\/div>\n
\u91cd\u542f\u7f51\u5361\u670d\u52a1\u4ee5\u8ba9\u4fee\u6539\u7684\u914d\u7f6e\u751f\u6548\u3002\u68c0\u67e5 \/etc\/resolv.conf \u6587\u4ef6\uff0c\u786e\u4fdd\u8be5\u7f51\u5361\u4e0a\u914d\u7f6e\u7684\u8fd9\u4e24\u4e2a DNS \u7684\u503c\u5df2\u66f4\u65b0\u5230\u8fd9\u4e2a\u6587\u4ef6\u3002<\/p>\n
#\u00a0nano\u00a0\/etc\/network\/interfaces<\/pre>\n
\u7f16\u8f91\u5e76\u66ff\u6362\u4f60\u81ea\u5b9a\u4e49\u7684 IP \u8bbe\u7f6e\uff1a<\/p>\n
\n
\n
auto\u00a0ens33<\/li>\n
iface\u00a0ens33\u00a0inet\u00a0static<\/li>\n
address\u00a0192.168.1.253<\/li>\n
netmask\u00a0255.255.255.0<\/li>\n
brodcast\u00a0192.168.1.1<\/li>\n
gateway\u00a0192.168.1.1<\/li>\n
dns-nameservers\u00a0192.168.1.254<\/li>\n
dns-search\u00a0tecmint.lan<\/li>\n<\/ul>\n<\/div>\n
\u91cd\u542f\u7f51\u5361\u670d\u52a1\u5e76\u786e\u8ba4\u751f\u6548\u3002<\/p>\n
#\u00a0systemctl\u00a0restart\u00a0networking.service\r\n#\u00a0cat\u00a0\/etc\/resolv.conf\r\n<\/pre>\n
$\"\"$ <\/p>\n
\u914d\u7f6e Samba4 AD \u670d\u52a1\u5668\u7684 DNS<\/p>\n
\u5f53\u4f60\u901a\u8fc7\u7b80\u5199\u540d\u79f0(\u7528\u4e8e\u6784\u5efa FQDN \u540d)\u67e5\u8be2\u4e3b\u673a\u540d\u65f6\uff0c dns-search \u503c\u5c06\u4f1a\u81ea\u52a8\u628a\u57df\u540d\u6dfb\u52a0\u4e0a\u3002<\/p>\n
\u4e3a\u4e86\u6d4b\u8bd5 DNS \u89e3\u6790\u662f\u5426\u6b63\u5e38\uff0c\u4f7f\u7528\u4e00\u7cfb\u5217 ping \u547d\u4ee4\u6d4b\u8bd5\uff0c\u547d\u4ee4\u540e\u5206\u522b\u4e3a\u7b80\u5199\u540d\uff0c FQDN \u540d\u548c\u57df\u540d\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u5728\u6240\u6709\u6d4b\u8bd5\u7528\u4f8b\u4e2d\uff0cSamba4 AD DC DNS \u670d\u52a1\u5668\u90fd\u5e94\u8be5\u8fd4\u56de\u4e3b\u57df\u63a7\u670d\u52a1\u5668\u7684 IP \u5730\u5740\u3002<\/p>\n
$\"\"$ <\/p>\n
\u9a8c\u8bc1 Samba4 AD \u73af\u5883 DNS \u89e3\u6790\u662f\u5426\u6b63\u5e38<\/p>\n
\u6700\u540e\u4f60\u9700\u8981\u6ce8\u610f\u7684\u662f\u786e\u4fdd\u8fd9\u4e2a\u4e3b\u673a\u8ddf\u57df\u63a7\u670d\u52a1\u5668\u65f6\u95f4\u540c\u6b65\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u4e0b\u9762\u7684\u547d\u4ee4\u5728\u7cfb\u7edf\u4e0a\u5b89\u88c5 NTP \u5ba2\u6237\u7aef\u5de5\u5177\u6765\u5b9e\u73b0\u65f6\u95f4\u540c\u6b65\u529f\u80fd\uff1a<\/p>\n
#\u00a0apt-get\u00a0install\u00a0ntpdate\r\n<\/pre>\n
\u5047\u8bbe\u4f60\u60f3\u624b\u52a8\u5f3a\u5236\u672c\u5730\u670d\u52a1\u5668\u4e0e samba4 AD DC \u670d\u52a1\u5668\u65f6\u95f4\u540c\u6b65\uff0c\u4f7f\u7528 ntpdate \u547d\u4ee4\u52a0\u4e0a\u4e3b\u57df\u63a7\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n
#\u00a0ntpdate\u00a0adc1\r\n<\/pre>\n
$\"\"$ <\/p>\n
\u4e0e Samba4 AD \u670d\u52a1\u5668\u8fdb\u884c\u65f6\u95f4\u540c\u6b65<\/p>\n
\u7b2c 2 \u6b65\uff1a\u5b89\u88c5 Samba4 \u5fc5\u987b\u7684\u4f9d\u8d56\u5305<\/strong><\/div>\n
\u4e3a\u4e86\u8ba9 Ubuntu 16.04 \u7cfb\u7edf\u52a0\u5165\u5230\u4f60\u7684\u57df\u4e2d\uff0c\u4f60\u9700\u8981\u901a\u8fc7\u4e0b\u9762\u7684\u547d\u4ee4\u4ece Ubuntu \u5b98\u65b9\u8f6f\u4ef6\u5e93\u4e2d\u5b89\u88c5 Samba4 \u5957\u4ef6\u3001 Kerberos \u5ba2\u6237\u7aef \u548c\u5176\u5b83\u4e00\u4e9b\u91cd\u8981\u7684\u8f6f\u4ef6\u5305\u4ee5\u4fbf\u5c06\u6765\u4f7f\u7528\uff1a<\/p>\n
#\u00a0apt-get\u00a0install\u00a0samba\u00a0krb5-user\u00a0krb5-config\u00a0winbind\u00a0libpam-winbind\u00a0libnss-winbind\r\n<\/pre>\n
$\"\"$ \u00a0<\/center><\/p>\n
\u5728 Ubuntu \u7cfb\u7edf\u4e2d\u5b89\u88c5 Samba4<\/p>\n
\u5728\u5b89\u88c5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u4f60\u9700\u8981\u63d0\u4f9b Kerberos \u57df\u540d\u3002\u8f93\u5165\u5927\u5199\u7684\u57df\u540d\u7136\u540e\u6309\u56de\u8f66\u952e\u5b8c\u6210\u5b89\u88c5\u8fc7\u7a0b\u3002<\/p>\n
$\"\"$ <\/p>\n
\u4e3a Samba4 \u914d\u7f6e Kerberos \u8ba4\u8bc1<\/p>\n
\u6240\u6709\u4f9d\u8d56\u5305\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u4f7f\u7528 kinit \u547d\u4ee4\u4e3a\u57df\u7ba1\u7406\u5458\u8bf7\u6c42\u4e00\u4e2a Kerberos \u7968\u636e\u4ee5\u9a8c\u8bc1\u8bbe\u7f6e\u662f\u5426\u6b63\u786e\u3002\u4f7f\u7528 klist \u547d\u4ee4\u6765\u5217\u51fa\u5df2\u6388\u6743\u7684 kerberos \u7968\u636e\u4fe1\u606f\u3002<\/p>\n
#\u00a0kinit\u00a0domain-admin-user@YOUR_DOMAIN.TLD#\u00a0klist\r\n<\/pre>\n
$\"\"$ <\/p>\n
\u5728 Samba4 \u57df\u73af\u5883\u4e2d\u9a8c\u8bc1 Kerberos<\/p>\n
\u7b2c 3 \u6b65\uff1a\u4ee5\u57df\u63a7\u5236\u5668\u7684\u8eab\u4efd\u52a0\u5165\u5230 Samba4 AD DC<\/strong><\/div>\n
\u5728\u628a\u4f60\u7684\u673a\u5668\u96c6\u6210\u5230 Samba4 DC \u73af\u5883\u4e4b\u524d\uff0c\u5148\u628a\u7cfb\u7edf\u4e2d\u6240\u6709\u8fd0\u884c\u7740\u7684 Samba4 \u670d\u52a1\u505c\u6b62\uff0c\u5e76\u4e14\u91cd\u547d\u540d\u9ed8\u8ba4\u7684 Samba \u914d\u7f6e\u6587\u4ef6\u4ee5\u4fbf\u4ece\u5934\u5f00\u59cb\u3002\u5728\u57df\u63a7\u5236\u5668\u914d\u7f6e\u7684\u8fc7\u7a0b\u4e2d\uff0c Samba \u5c06\u4f1a\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n
#\u00a0systemctl\u00a0stop\u00a0samba-ad-dc\u00a0smbd\u00a0nmbd\u00a0winbind\r\n#\u00a0mv\u00a0\/etc\/samba\/smb.conf\u00a0\/etc\/samba\/smb.conf.initial\r\n<\/pre>\n
\u5728\u51c6\u5907\u52a0\u5165\u57df\u524d\uff0c\u5148\u542f\u52a8 samba-ad-dc \u670d\u52a1\uff0c\u4e4b\u540e\u4f7f\u7528\u57df\u7ba1\u7406\u5458\u8d26\u53f7\u8fd0\u884c samba-tool \u547d\u4ee4\u5c06\u670d\u52a1\u5668\u52a0\u5165\u5230\u57df\u3002<\/p>\n
#\u00a0samba-tool\u00a0domain\u00a0join\u00a0your_domain\u00a0-U\u00a0\"your_domain_admin\"\r\n<\/pre>\n
\u52a0\u5165\u57df\u8fc7\u7a0b\u90e8\u5206\u622a\u56fe:<\/p>\n
#\u00a0samba-tool\u00a0domain\u00a0join\u00a0tecmint.lan\u00a0DC\u00a0-U\u00a0\"tecmint_user\"\r\n<\/pre>\n
\u8f93\u51fa\u793a\u4f8b\uff1a<\/p>\n
\n
\n
Finding\u00a0a\u00a0writeable\u00a0DC\u00a0for\u00a0domain\u00a0'tecmint.lan'<\/li>\n
Found\u00a0DC\u00a0adc1.tecmint.lan<\/li>\n
Password\u00a0for\u00a0[WORKGROUP\/tecmint_user]:<\/li>\n
workgroup\u00a0is\u00a0TECMINT<\/li>\n
realm\u00a0is\u00a0tecmint.lan<\/li>\n
checking\u00a0sAMAccountName<\/li>\n
Deleted\u00a0CN=ADC2,CN=Computers,DC=tecmint,DC=lan<\/li>\n
Adding\u00a0CN=ADC2,OU=Domain\u00a0Controllers,DC=tecmint,DC=lan<\/li>\n
Adding\u00a0CN=ADC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tecmint,DC=lan<\/li>\n
Adding\u00a0CN=NTDS\u00a0Settings,CN=ADC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tecmint,DC=lan<\/li>\n
Adding\u00a0SPNs\u00a0to\u00a0CN=ADC2,OU=Domain\u00a0Controllers,DC=tecmint,DC=lan<\/li>\n
Setting\u00a0account\u00a0password\u00a0for\u00a0ADC2$<\/li>\n
Enabling\u00a0account<\/li>\n
Calling\u00a0bare\u00a0provision<\/li>\n
Looking\u00a0up\u00a0IPv4\u00a0addresses<\/li>\n
Looking\u00a0up\u00a0IPv6\u00a0addresses<\/li>\n
No\u00a0IPv6\u00a0address\u00a0will\u00a0be\u00a0assigned<\/li>\n
Setting\u00a0up\u00a0share.ldb<\/li>\n
Setting\u00a0up\u00a0secrets.ldb<\/li>\n
Setting\u00a0up\u00a0the\u00a0registry<\/li>\n
Setting\u00a0up\u00a0the\u00a0privileges\u00a0database<\/li>\n
Setting\u00a0up\u00a0idmap\u00a0db<\/li>\n
Setting\u00a0up\u00a0SAM\u00a0db<\/li>\n
Setting\u00a0up\u00a0sam.ldb\u00a0partitions\u00a0and\u00a0settings<\/li>\n
Setting\u00a0up\u00a0sam.ldb\u00a0rootDSE<\/li>\n
Pre-loading\u00a0the\u00a0Samba\u00a04\u00a0and\u00a0AD\u00a0schema<\/li>\n
A\u00a0Kerberos\u00a0configuration\u00a0suitable\u00a0for\u00a0Samba\u00a04\u00a0has\u00a0been\u00a0generated\u00a0at\u00a0\/var\/lib\/samba\/private\/krb5.conf<\/li>\n
Provision\u00a0OK\u00a0for\u00a0domain\u00a0DN\u00a0DC=tecmint,DC=lan<\/li>\n
Starting\u00a0replication<\/li>\n
Schema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[402\/1550]\u00a0linked_values[0\/0]<\/li>\n
Schema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[804\/1550]\u00a0linked_values[0\/0]<\/li>\n
Schema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[1206\/1550]\u00a0linked_values[0\/0]<\/li>\n
Schema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[1550\/1550]\u00a0linked_values[0\/0]<\/li>\n
Analyze\u00a0and\u00a0apply\u00a0schema\u00a0objects<\/li>\n
Partition[CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[402\/1614]\u00a0linked_values[0\/0]<\/li>\n
Partition[CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[804\/1614]\u00a0linked_values[0\/0]<\/li>\n
Partition[CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[1206\/1614]\u00a0linked_values[0\/0]<\/li>\n
Partition[CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[1608\/1614]\u00a0linked_values[0\/0]<\/li>\n
Partition[CN=Configuration,DC=tecmint,DC=lan]\u00a0objects[1614\/1614]\u00a0linked_values[28\/0]<\/li>\n
Replicating\u00a0critical\u00a0objects\u00a0from\u00a0the\u00a0base\u00a0DN\u00a0of\u00a0the\u00a0domain<\/li>\n
Partition[DC=tecmint,DC=lan]\u00a0objects[97\/97]\u00a0linked_values[24\/0]<\/li>\n
Partition[DC=tecmint,DC=lan]\u00a0objects[380\/283]\u00a0linked_values[27\/0]<\/li>\n
Done\u00a0with\u00a0always\u00a0replicated\u00a0NC\u00a0(base,\u00a0config,\u00a0schema)<\/li>\n
Replicating\u00a0DC=DomainDnsZones,DC=tecmint,DC=lan<\/li>\n
Partition[DC=DomainDnsZones,DC=tecmint,DC=lan]\u00a0objects[45\/45]\u00a0linked_values[0\/0]<\/li>\n
Replicating\u00a0DC=ForestDnsZones,DC=tecmint,DC=lan<\/li>\n
Partition[DC=ForestDnsZones,DC=tecmint,DC=lan]\u00a0objects[18\/18]\u00a0linked_values[0\/0]<\/li>\n
Committing\u00a0SAM\u00a0database<\/li>\n
Sending\u00a0DsReplicaUpdateRefs\u00a0for\u00a0all\u00a0the\u00a0replicated\u00a0partitions<\/li>\n
Setting\u00a0isSynchronized\u00a0and\u00a0dsServiceName<\/li>\n
Setting\u00a0up\u00a0secrets\u00a0database<\/li>\n
Joined\u00a0domain\u00a0TECMINT\u00a0(SID\u00a0S-1-5-21-715537322-3397311598-55032968)\u00a0as\u00a0a\u00a0DC<\/li>\n<\/ul>\n<\/div>\n
$\"\"$ <\/p>\n
\u628a\u57df\u52a0\u5165\u5230 Samba4 AD DC<\/p>\n
\u5728\u5df2\u5b89\u88c5\u4e86 Samba4 \u5957\u4ef6\u7684 Ubuntu \u7cfb\u7edf\u52a0\u5165\u57df\u4e4b\u540e\uff0c\u6253\u5f00 Samba \u4e3b\u914d\u7f6e\u6587\u4ef6\u6dfb\u52a0\u5982\u4e0b\u884c\uff1a<\/p>\n
#\u00a0nano\u00a0\/etc\/samba\/smb.conf\r\n<\/pre>\n
\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\u5230 smb.conf \u914d\u7f6e\u6587\u4ef6\u4e2d\u3002<\/p>\n
\n
\n
dns\u00a0forwarder\u00a0=\u00a0192.168.1.1<\/li>\n
idmap_ldb:use\u00a0rfc2307\u00a0=\u00a0yes<\/li>\n
template\u00a0shell\u00a0=\u00a0\/bin\/bash<\/li>\n
winbind\u00a0use\u00a0default\u00a0domain\u00a0=\u00a0true<\/li>\n
winbind\u00a0offline\u00a0logon\u00a0=\u00a0false<\/li>\n
winbind\u00a0nss\u00a0info\u00a0=\u00a0rfc2307<\/li>\n
winbind\u00a0enum\u00a0users\u00a0=\u00a0yes<\/li>\n
winbind\u00a0enum\u00a0groups\u00a0=\u00a0yes<\/li>\n<\/ul>\n<\/div>\n
\u4f7f\u7528\u4f60\u81ea\u5df1\u7684 DNS \u8f6c\u53d1\u5668 IP \u5730\u5740\u66ff\u6362\u6389\u4e0a\u9762 dns forwarder \u5730\u5740\u3002 Samba \u5c06\u4f1a\u628a\u57df\u6743\u5a01\u533a\u4e4b\u5916\u7684\u6240\u6709 DNS \u89e3\u6790\u67e5\u8be2\u8f6c\u53d1\u5230\u8fd9\u4e2a IP \u5730\u5740\u3002<\/p>\n
\u6700\u540e\uff0c\u91cd\u542f samba \u670d\u52a1\u4ee5\u4f7f\u4fee\u6539\u7684\u914d\u7f6e\u751f\u6548\uff0c\u7136\u540e\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u6765\u68c0\u67e5\u6d3b\u52a8\u76ee\u5f55\u590d\u5236\u529f\u80fd\u662f\u5426\u6b63\u5e38\u3002<\/p>\n
#\u00a0systemctl\u00a0restart\u00a0samba-ad-dc\r\n#\u00a0samba-tool\u00a0drs\u00a0showrepl\r\n<\/pre>\n
$\"\"$ <\/p>\n
\u914d\u7f6e Samba4 DNS<\/p>\n
\u53e6\u5916\uff0c\u8fd8\u9700\u8981\u91cd\u547d\u540d\u539f\u6765\u7684 \/etc\u4e0b\u7684 kerberos \u914d\u7f6e\u6587\u4ef6\uff0c\u5e76\u4f7f\u7528\u5728\u52a0\u5165\u57df\u7684\u8fc7\u7a0b\u4e2d Samba \u751f\u6210\u7684\u65b0\u914d\u7f6e\u6587\u4ef6 krb5.conf \u66ff\u6362\u5b83\u3002<\/p>\n
Samba \u751f\u6210\u7684\u65b0\u914d\u7f6e\u6587\u4ef6\u5728 \/var\/lib\/samba\/private \u76ee\u5f55\u4e0b\u3002\u4f7f\u7528 Linux \u7684\u7b26\u53f7\u94fe\u63a5\u5c06\u8be5\u6587\u4ef6\u94fe\u63a5\u5230 \/etc \u76ee\u5f55\u3002<\/p>\n
#\u00a0mv\u00a0\/etc\/krb6.conf\u00a0\/etc\/krb5.conf.initial\r\n #\u00a0ln\u00a0-s\u00a0\/var\/lib\/samba\/private\/krb5.conf\u00a0\/etc\/\r\n #\u00a0cat\u00a0\/etc\/krb5.conf<<\/pre>\n
$\"\"$ <\/p>\n
\u914d\u7f6e Kerberos<\/p>\n
\u540c\u6837\uff0c\u4f7f\u7528 samba \u7684 krb5.conf \u914d\u7f6e\u6587\u4ef6\u9a8c\u8bc1 Kerberos \u8ba4\u8bc1\u662f\u5426\u6b63\u5e38\u3002\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u6765\u8bf7\u6c42\u4e00\u4e2a\u7ba1\u7406\u5458\u8d26\u53f7\u7684\u7968\u636e\u5e76\u4e14\u5217\u51fa\u5df2\u7f13\u5b58\u7684\u7968\u636e\u4fe1\u606f\u3002<\/p>\n
#\u00a0kinit\u00a0administrator\r\n#\u00a0klist\r\n<\/pre>\n
$\"\"$ <\/p>\n
\u4f7f\u7528 Samba \u9a8c\u8bc1 Kerberos \u8ba4\u8bc1\u662f\u5426\u6b63\u5e38<\/p>\n
\u7b2c 4 \u6b65\uff1a\u9a8c\u8bc1\u5176\u5b83\u57df\u670d\u52a1<\/strong><\/div>\n
\u4f60\u9996\u5148\u8981\u505a\u7684\u4e00\u4e2a\u6d4b\u8bd5\u5c31\u662f\u9a8c\u8bc1 Samba4 DC DNS \u89e3\u6790\u670d\u52a1\u662f\u5426\u6b63\u5e38\u3002\u8981\u9a8c\u8bc1\u57df DNS \u89e3\u6790\u60c5\u51b5\uff0c\u4f7f\u7528 host \u547d\u4ee4\uff0c\u52a0\u4e0a\u4e00\u4e9b\u91cd\u8981\u7684 AD DNS \u8bb0\u5f55\uff0c\u8fdb\u884c\u57df\u540d\u67e5\u8be2\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u6bcf\u4e00\u6b21\u67e5\u8be2\uff0cDNS \u670d\u52a1\u5668\u90fd\u5e94\u8be5\u8fd4\u56de\u4e24\u4e2a IP \u5730\u5740\u3002<\/p>\n
#\u00a0host\u00a0your_domain.tld\r\n#\u00a0host\u00a0-t\u00a0SRV\u00a0_kerberos._udp.your_domain.tld\u00a0\u00a0#\u00a0UDP\u00a0Kerberos\u00a0SRV\u00a0record\r\n#\u00a0host\u00a0-t\u00a0SRV\u00a0_ldap._tcp.your_domain.tld\u00a0\u00a0#\u00a0TCP\u00a0LDAP\u00a0SRV\u00a0record\r\n<\/pre>\n
$\"\"$ <\/p>\n
Verify Samba4 DC DNS<\/p>\n
*\u9a8c\u8bc1 Samba4 DC DNS *<\/p>\n
\u8fd9\u4e9b DNS \u8bb0\u5f55\u4e5f\u53ef\u4ee5\u4ece\u6ce8\u518c\u8fc7\u7684\u5df2\u5b89\u88c5\u4e86 RSAT \u5de5\u5177\u7684 Windows \u673a\u5668\u4e0a\u67e5\u8be2\u5230\u3002\u6253\u5f00 DNS \u7ba1\u7406\u5668\uff0c\u5c55\u5f00\u5230\u4f60\u7684\u57df tcp \u8bb0\u5f55\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
$\"\"$ <\/p>\n
\u901a\u8fc7 Windows RSAT \u5de5\u5177\u6765\u9a8c\u8bc1 DNS \u8bb0\u5f55<\/p>\n
\u4e0b\u4e00\u4e2a\u9a8c\u8bc1\u662f\u68c0\u67e5\u57df LDAP \u590d\u5236\u540c\u6b65\u662f\u5426\u6b63\u5e38\u3002\u4f7f\u7528 samba-tool \u5de5\u5177\uff0c\u5728\u7b2c\u4e8c\u4e2a\u57df\u63a7\u5236\u5668\u4e0a\u521b\u5efa\u4e00\u4e2a\u8d26\u53f7\uff0c\u7136\u540e\u68c0\u67e5\u8be5\u8d26\u53f7\u662f\u5426\u81ea\u52a8\u540c\u6b65\u5230\u7b2c\u4e00\u4e2a Samba4 AD DC \u670d\u52a1\u5668\u4e0a\u3002<\/p>\n
\u5728 adc2 \u4e0a\uff1a<\/p>\n
#\u00a0samba-tool\u00a0user\u00a0add\u00a0test_user\r\n<\/pre>\n
\u5728 adc1 \u4e0a\uff1a<\/p>\n
#\u00a0samba-tool\u00a0user\u00a0list\u00a0|\u00a0grep\u00a0test_user\r\n<\/pre>\n
$\"\"$ <\/p>\n
\u5728 Samba4 AD \u670d\u52a1\u5668\u4e0a\u521b\u5efa\u8d26\u53f7<\/p>\n
$\"\"$ <\/p>\n
\u5728 Samba4 AD \u670d\u52a1\u5668\u4e0a\u9a8c\u8bc1\u540c\u6b65\u529f\u80fd<\/p>\n
\u4f60\u4e5f\u53ef\u4ee5\u4ece Microsoft AD DC \u63a7\u5236\u53f0\u521b\u5efa\u4e00\u4e2a\u8d26\u53f7\uff0c\u7136\u540e\u9a8c\u8bc1\u8be5\u8d26\u53f7\u662f\u5426\u90fd\u51fa\u73b0\u5728\u4e24\u4e2a\u57df\u63a7\u670d\u52a1\u5668\u4e0a\u3002<\/p>\n
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e2a\u8d26\u53f7\u90fd\u5e94\u8be5\u5728\u4e24\u4e2a samba \u57df\u63a7\u5236\u5668\u4e0a\u81ea\u52a8\u521b\u5efa\u5b8c\u6210\u3002\u5728 adc1 \u670d\u52a1\u5668\u4e0a\u4f7f\u7528 wbinfo \u547d\u4ee4\u67e5\u8be2\u8be5\u8d26\u53f7\u540d\u3002<\/p>\n
$\"\"$ <\/p>\n
\u4ece Microsoft AD UC \u521b\u5efa\u8d26\u53f7<\/p>\n
$\"\"$ <\/p>\n
\u5728 Samba4 AD \u670d\u52a1\u5668\u4e0a\u9a8c\u8bc1\u8d26\u53f7\u540c\u6b65\u529f\u80fd<\/p>\n
\u5b9e\u9645\u4e0a\uff0c\u6253\u5f00 Windows \u673a\u5668\u4e0a\u7684 AD DC \u63a7\u5236\u53f0\uff0c\u5c55\u5f00\u5230\u57df\u63a7\u5236\u5668\uff0c\u4f60\u5e94\u8be5\u770b\u5230\u4e24\u4e2a\u5df2\u6ce8\u518c\u7684 DC \u670d\u52a1\u5668\u3002<\/p>\n
$\"\"$ <\/p>\n
\u9a8c\u8bc1 Samba4 \u57df\u63a7\u5236\u5668<\/p>\n
\u7b2c 5 \u6b65\uff1a\u542f\u7528 Samba4 AD DC \u670d\u52a1<\/strong><\/div>\n
\u8981\u5728\u6574\u4e2a\u7cfb\u7edf\u542f\u7528 Samba4 AD DC \u7684\u670d\u52a1\uff0c\u9996\u5148\u4f60\u5f97\u7981\u7528\u539f\u6765\u7684\u4e0d\u9700\u8981\u7684 Samba \u670d\u52a1\uff0c\u7136\u540e\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u4ec5\u542f\u7528 samba-ad-dc \u670d\u52a1\uff1a<\/p>\n
#\u00a0systemctl\u00a0disable\u00a0smbd\u00a0nmbd\u00a0winbind\r\n#\u00a0systemctl\u00a0enable\u00a0samba-ad-dc\r\n<\/pre>\n
$\"\"$ <\/p>\n
\u542f\u7528 Samba4 AD DC \u670d\u52a1<\/p>\n
\u5982\u679c\u4f60\u4ece Microsoft \u5ba2\u6237\u7aef\u8fdc\u7a0b\u7ba1\u7406 Samba4 \u57df\u63a7\u5236\u5668\uff0c\u6216\u8005\u6709\u5176\u5b83 Linux \u6216 Windows \u5ba2\u6237\u673a\u96c6\u6210\u5230\u5f53\u524d\u57df\u4e2d\uff0c\u8bf7\u786e\u4fdd\u5728\u5b83\u4eec\u7684\u7f51\u5361 DNS \u670d\u52a1\u5668\u5730\u5740\u8bbe\u7f6e\u4e2d\u63d0\u53ca adc2 \u670d\u52a1\u5668\u7684 IP \u5730\u5740\uff0c\u4ee5\u5b9e\u73b0\u67d0\u79cd\u7a0b\u5e8f\u4e0a\u7684\u5197\u4f59\u3002<\/p>\n
\u4e0b\u56fe\u663e\u793a Windows \u548c Debian\/Ubuntu \u5ba2\u6237\u673a\u7684\u7f51\u5361\u914d\u7f6e\u8981\u6c42\u3002<\/p>\n
$\"\"$ <\/p>\n
\u914d\u7f6e Windows \u5ba2\u6237\u7aef\u6765\u7ba1\u7406 Samba4 DC<\/p>\n
$\"\"$ <\/p>\n
\u914d\u7f6e Linux \u5ba2\u6237\u7aef\u6765\u7ba1\u7406 Samba4 DC<\/p>\n
\u5982\u679c\u7b2c\u4e00\u53f0 DC \u670d\u52a1\u5668 192.168.1.254 \u7f51\u7edc\u4e0d\u901a\uff0c\u5219\u8c03\u6574\u914d\u7f6e\u6587\u4ef6\u4e2d DNS \u670d\u52a1\u5668 IP \u5730\u5740\u7684\u987a\u5e8f\uff0c\u4ee5\u514d\u5148\u67e5\u8be2\u8fd9\u53f0\u4e0d\u53ef\u7528\u7684 DNS \u670d\u52a1\u5668\u3002<\/p>\n
\u6700\u540e\uff0c\u5982\u679c\u4f60\u60f3\u5728 Linux \u7cfb\u7edf\u4e0a\u4f7f\u7528 Samba4 \u6d3b\u52a8\u76ee\u5f55\u8d26\u53f7\u6765\u8fdb\u884c\u672c\u5730\u8ba4\u8bc1\uff0c\u6216\u8005\u4e3a AD LDAP \u8d26\u53f7\u6388\u4e88 root \u6743\u9650\uff0c\u8bf7\u67e5\u770b\u5728 Linux \u547d\u4ee4\u884c\u4e0b\u7ba1\u7406 Samba4 AD \u67b6\u6784 \u8fd9\u7bc7\u6559\u7a0b\u7684 \u7b2c 2 \u6b65\u548c\u7b2c 3 \u6b65\u3002<\/p>\n
\n
\u539f\u6587\u6765\u81ea\uff1ahttp:\/\/os.51cto.com\/art\/201704\/536428.htm<\/a><\/p>\n
\u672c\u6587\u5730\u5740\uff1a http:\/\/lrxjmw.cn\/ubuntu-dc-samba4-ad-dc.html<\/a>\u7f16\u8f91\u5458\uff1a\u82cf\u897f\u4e91\uff0c\u5ba1\u6838\u5458\uff1a\u51af\u632f\u534e<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
\u8fd9\u7bc7\u6587\u7ae0\u5c06\u8bb2\u89e3\u5982\u4f55\u4f7f\u7528 Ubuntu 16.04 \u670d\u52a1\u5668\u7248\u7cfb\u7edf\u6765\u521b\u5efa\u7b2c\u4e8c\u53f0 Samba4 \u57df\u63a7\u5236\u5668\uff0c\u5e76\u5c06\u5176\u52a0\u5165\u5230\u5df2\u521b\u5efa\u597d\u7684 Samba AD DC \u6797\u73af\u5883\u4e2d\uff0c\u4ee5\u4fbf\u4e3a\u4e00\u4e9b\u5173\u952e\u7684 AD DC \u670d\u52a1\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u53ca\u6545\u969c\u5207\u6362\u529f\u80fd\uff0c\u5c24\u5176\u662f\u4e3a\u90a3\u4e9b\u91cd\u8981\u7684\u670d\u52a1\uff0c\u6bd4\u5982 DNS \u670d\u52a1\u548c\u4f7f\u7528 SAM \u6570\u636e\u5e93\u7684 AD DC LDAP \u6a21\u5f0f\u3002<\/p>\n","protected":false},"author":63,"featured_media":58613,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-58238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/58238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=58238"}],"version-history":[{"count":21,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/58238\/revisions"}],"predecessor-version":[{"id":277507,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/58238\/revisions\/277507"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/58613"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=58238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=58238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=58238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}