Samba BDC (2015/01/19)
Build a Samba BDC (Backup Domain Controller).
Naturally, this assumes a Samba PDC has already been built on the same subnet.
This Samba BDC also needs to be an LDAP client.
Only one Samba PDC can exist on a subnet, but you can build as many Samba BDCs as you like.
[1] The smb.conf settings are almost the same as on the primary side. The only difference is that the primary side has "domain master = Yes" while the backup side has "domain master = No".
[root@slave ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@slave ~]# cp /usr/share/doc/smbldap-tools-*/smb.conf /etc/samba/smb.conf
[root@slave ~]# vi /etc/samba/smb.conf
# line 3: change the workgroup name to any name you like
workgroup = ServerWorld
# line 12: comment out
# min passwd length = 3
# line 22: change
ldap passwd sync = yes
# lines 33,34: change
Dos charset = CP932
Unix charset = UTF-8
# line 42: change (the only setting that differs from the primary side)
domain master = No
# line 47: change (specify the URI of the LDAP server)
passdb backend = ldapsam:ldap://10.0.0.39/
# line 48: change the LDAP admin DN (the one set on the LDAP server)
ldap admin dn = cn=Manager,dc=server,dc=world
# line 50: change the LDAP suffix (the one set on the LDAP server)
ldap suffix = dc=server,dc=world
ldap group suffix = ou=Group
ldap user suffix = ou=People
# line 60: uncomment
delete group script = /usr/sbin/smbldap-groupdel "%g"
# add around line 64: specify the administrator user
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = admin
[root@slave ~]# mkdir /home/netlogon
[root@slave ~]# /etc/rc.d/init.d/smb restart
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@slave ~]# smbpasswd -W     # register the LDAP administrator password with Samba
Setting stored password for "cn=Manager,dc=server,dc=world" in secrets.tdb
New SMB password:
Retype new SMB password:
[root@slave ~]# net rpc getsid     # obtain the SID of the primary side
Password:     # administrator password
Could not connect to server PDC-SRV     # this is not a problem
The username or password was not correct.
Storing SID S-1-5-21-3178205627-4140913089-3601047624 for Domain SERVERWORLD in secrets.tdb     # note this down, it is entered later
[root@slave ~]# perl /usr/share/doc/smbldap-tools-*/configure.pl
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
       smbldap-tools script configuration
       -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
 . if your samba controller is up and running.
 . if the domain SID is defined (you can get it with the 'net getlocalsid')
 . you can leave the configuration using the Ctrl-c key combination
 . empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...

Samba Configuration File Path [/etc/samba/smb.conf] >     # Enter (accept default)

The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >     # Enter (accept default)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...

. workgroup name: name of the domain Samba act as a PDC
  workgroup name [ServerWorld] >     # Enter (accept default)
. netbios name: netbios name of the samba controler
  netbios name [PDC-SRV] >     # Enter (accept default)
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
  logon drive [H:] >     # Enter (accept default)
. logon home: home directory location (for Win95/98 or NT Workstation).
  (use %U as username) Ex:'\\PDC-SRV\%U'
  logon home (press the "." character if you don't want homeDirectory) [\\PDC-SRV\%U] > .     # enter a period
. logon path: directory where roaming profiles are stored. Ex:'\\PDC-SRV\profiles\%U'
  logon path (press the "." character if you don't want roaming profile) [\\PDC-SRV\profiles\%U] > .     # enter a period
. home directory prefix (use %U as username) [/home/%U] >     # Enter (accept default)
. default users' homeDirectory mode [700] >     # Enter (accept default)
. default user netlogon script (use %U as username) [logon.bat] >     # Enter (accept default)
  default password validation time (time in days) [45] >     # Enter (accept default)
. ldap suffix [dc=server,dc=world] >     # Enter (accept default)
. ldap group suffix [ou=Group] >     # Enter (accept default)
. ldap user suffix [ou=People] >     # Enter (accept default)
. ldap machine suffix [ou=Computers] >     # Enter (accept default)
. Idmap suffix [ou=Idmap] >     # Enter (accept default)
. sambaUnixIdPooldn: object where you want to store the next uidNumber and gidNumber available for new users and groups
  sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=ServerWorld] >     # Enter (accept default)
. ldap master server: IP adress or DNS name of the master (writable) ldap server
  ldap master server [10.0.0.39] >     # Enter (accept default)
. ldap master port [389] >     # Enter (accept default)
. ldap master bind dn [cn=Manager,dc=server,dc=world] >     # Enter (accept default)
. ldap master bind password [] >     # LDAP administrator password
. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
  ldap slave server [10.0.0.39] >     # specify the LDAP slave if you have one (otherwise the same as the ldap master)
. ldap slave port [389] >     # Enter (accept default)
. ldap slave bind dn [cn=Manager,dc=server,dc=world] >     # Enter (accept default)
. ldap slave bind password [] >     # enter it if you have a slave (otherwise the same as the ldap master)
. ldap tls support (1/0) [0] >     # Enter (accept default)
. SID for domain SERVERWORLD: SID of the domain (can be obtained with 'net getlocalsid PDC-SRV')
  SID for domain SERVERWORLD [S-1-5-21-1408951518-2773026720-1935188473] > S-1-5-21-3178205627-4140913089-3601047624     # the same SID as the PDC
. unix password encryption: encryption used for unix passwords
  unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] > MD5     # specify MD5
. default user gidNumber [513] >     # Enter (accept default)
. default computer gidNumber [515] >     # Enter (accept default)
. default login shell [/bin/bash] >     # Enter (accept default)
. default skeleton directory [/etc/skel] >     # Enter (accept default)
. default domain name to append to mail adress [] >     # Enter (accept default)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
backup old configuration files:
  /etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
  /etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
  /etc/smbldap-tools/smbldap.conf done.
  /etc/smbldap-tools/smbldap_bind.conf done.
[root@slave ~]# /etc/rc.d/init.d/smb restart
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [  OK  ]
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@slave ~]# pdbedit -L     # check the user information
root:0:root     # confirm you get the same result as on the primary side
nobody:99:nobody
admin:1000:admin
e-fd3s$:1001:E-FD3S$
localhost$:1003:Computer
rx-7$:4294967295:
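The two things this procedure depends on are that the BDC's smb.conf matches the PDC's except for "domain master", and that the domain SID given to configure.pl is the PDC's. The following checker is an added example written for this page (not code from the original page or from the Samba/smbldap-tools projects): it parses two smb.conf [global] sections, reports any setting other than the allowed ones that differs, and compares the two SIDs. The sample configs and the ALLOWED_DIFFS list are constructed assumptions.

```python
import re
# Constructed sample configs (not the page's full smb.conf): the BDC's [global]
# section is the PDC's with only "domain master" flipped to No.
PDC_CONF = """\
[global]
    workgroup = ServerWorld
    domain master = Yes
    passdb backend = ldapsam:ldap://10.0.0.39/
    ldap admin dn = cn=Manager,dc=server,dc=world
    ldap suffix = dc=server,dc=world
    ldap passwd sync = yes
"""
BDC_CONF = PDC_CONF.replace("domain master = Yes", "domain master = No")
# Assumed list of keys that may legitimately differ between the PDC and a BDC.
ALLOWED_DIFFS = {"domain master", "netbios name", "interfaces"}
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")  # S-1-5-21-<sub1>-<sub2>-<sub3>

def parse_smb_conf(text):
    """smb.conf text -> {section: {key: value}}; keys lower-cased, '#'/';' are comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def check_bdc(pdc_text, bdc_text):
    """Return findings for a BDC smb.conf compared with the PDC's; [] means consistent."""
    pdc = parse_smb_conf(pdc_text).get("global", {})
    bdc = parse_smb_conf(bdc_text).get("global", {})
    findings = []
    for key in sorted(set(pdc) | set(bdc)):  # every setting outside ALLOWED_DIFFS must match
        if pdc.get(key) != bdc.get(key) and key not in ALLOWED_DIFFS:
            findings.append(f"{key}: PDC={pdc.get(key)!r} BDC={bdc.get(key)!r}")
    if bdc.get("domain master", "").lower() not in ("no", "false", "0"):
        findings.append("domain master must be No on a BDC")
    if not bdc.get("passdb backend", "").lower().startswith("ldapsam:"):
        findings.append("passdb backend must be the shared ldapsam backend")
    return findings

def same_domain_sid(pdc_sid, bdc_sid):
    """Well-formed and identical SIDs, as the 'SID for domain' prompt of configure.pl requires."""
    return bool(SID_RE.match(pdc_sid)) and pdc_sid == bdc_sid
```

Feed it the real files with `check_bdc(open("/path/to/pdc/smb.conf").read(), open("/etc/samba/smb.conf").read())` and the two `net getlocalsid` values; an empty findings list and True mean the BDC is consistent with the PDC.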