This shows you the differences between two versions of the page.
| контроллер_домена_samba_4 [2023/04/03 08:41] val [Configuring replication] | контроллер_домена_samba_4 [2024/08/29 05:45] (current) val [Moving FSMO to the new server] | ||
|---|---|---|---|
| Line 10: | Line 10: | ||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| <code> | <code> | ||
| + | # apt update | ||
| + | |||
| # apt install samba winbind | # apt install samba winbind | ||
| Line 42: | Line 44: | ||
| debian# systemctl disable smbd | debian# systemctl disable smbd | ||
| - | debian# systemctl unmask samba-ad-dc.service | + | debian# systemctl unmask samba-ad-dc.service # в debian12, похоже, не нужно |
| - | debian# systemctl enable samba-ad-dc.service | + | debian# systemctl enable samba-ad-dc.service # в debian12, похоже, не нужно |
| server# cat /etc/samba/smb.conf | server# cat /etc/samba/smb.conf | ||
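Review bot: the comment added to the `unmask` and `enable` lines ("в debian12, похоже, не нужно", i.e. apparently not needed on Debian 12) records a guess rather than a result. Replace it with a check the reader can run, for example `systemctl is-enabled samba-ad-dc.service`, and state that the two commands are needed only when it reports masked or disabled. As written, a reader on Debian 12 may skip both lines after `systemctl disable smbd` and have no Samba service starting at boot.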
| Line 53: | Line 55: | ||
| </code><code> | </code><code> | ||
| server# init 6 | server# init 6 | ||
| + | |||
| + | gate# ssh server2 | ||
| server# cat /etc/resolv.conf | server# cat /etc/resolv.conf | ||
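Review bot: the added `gate# ssh server2` is followed directly by a context line with the prompt `server#`, so it is unclear on which host `cat /etc/resolv.conf` is meant to run. Either change the ssh target to match the prompt that follows, or add a line saying why the reader hops through gate to server2 at this step, right after `init 6` on server.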
| Line 74: | Line 78: | ||
| # samba-tool user list | # samba-tool user list | ||
| + | |||
| + | # samba-tool group addmembers group1 user4 | ||
| </code> | </code> | ||
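Review bot: the added `samba-tool group addmembers group1 user4` depends on objects that the lines shown here do not create. In this diff user4 is created only in the later replication block, on server2, and no `samba-tool group add group1` is visible. Add the creation commands before this line or note which earlier step provides group1 and user4, otherwise the command fails when the page is followed top to bottom.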
| Line 88: | Line 94: | ||
| # samba-tool dns add server corpX.un _xmpp-client._tcp SRV 'gate.corpX.un 5222 0 0' | # samba-tool dns add server corpX.un _xmpp-client._tcp SRV 'gate.corpX.un 5222 0 0' | ||
| + | |||
| + | # samba-tool dns add server corpX.un @ MX "server.corpX.un 1" | ||
| </code> | </code> | ||
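Review bot: the added MX record names `server.corpX.un`, the domain controller itself, as the mail exchanger for the zone, with no explanation. If that is only a lab shortcut, say so next to the command, because publishing it tells every sender to deliver SMTP to the DC. Also a style point: the SRV line above uses single quotes for the record data and the new MX line uses double quotes; pick one.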
| Line 101: | Line 109: | ||
| * [[https://www.rebeladmin.com/2016/01/step-by-step-guide-to-downgrade-domain-and-forest-functional-level/|Step by Step Guide to downgrade domain and forest functional level]] | * [[https://www.rebeladmin.com/2016/01/step-by-step-guide-to-downgrade-domain-and-forest-functional-level/|Step by Step Guide to downgrade domain and forest functional level]] | ||
| + | * [[https://dzen.ru/a/Y0LrkjKfFBoi30Pi|Миграция Active Directory с Windows Server 2022 на Ubuntu 22.04 + Samba 4.15.13]] | ||
| + | |||
| + | ==== Уровень леса и домена ==== | ||
| + | |||
| + | * [[https://wiki.samba.org/index.php/Raising_the_Functional_Levels|Raising the Functional Levels]] - версии Samba и уровни леса/домена | ||
| <code> | <code> | ||
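Review bot: the new heading "Уровень леса и домена" is inserted below the rebeladmin link about downgrading the domain and forest functional level, so that link stays in the previous section while the commands it documents move under the new heading. Move the rebeladmin link under the heading next to the Samba wiki link, and leave the dzen.ru migration article in the general list.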
| Line 106: | Line 119: | ||
| PS C:\Users\Administrator> Get-ADDomain | PS C:\Users\Administrator> Get-ADDomain | ||
| - | PS C:\Users\Administrator> Set-ADForestMode –Identity "corp13.un" -ForestMode Windows2008R2Forest | + | PS C:\Users\Administrator> Set-ADForestMode –Identity "corpX.un" -ForestMode Windows2008R2Forest |
| - | PS C:\Users\Administrator> Set-ADDomainMode –Identity "corp13.un" –DomainMode Windows2008R2Domain | + | PS C:\Users\Administrator> Set-ADDomainMode –Identity "corpX.un" –DomainMode Windows2008R2Domain |
| </code> | </code> | ||
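Review bot: the rewritten `Set-ADForestMode` and `Set-ADDomainMode` lines keep the typographic dash in `–Identity` and `–DomainMode` while `-ForestMode` uses an ASCII hyphen. Since these lines were being edited anyway, normalise all parameter prefixes to `-` so the commands survive copy and paste through editors and terminals. It would also help to state next to the commands that they lower the functional level to 2008 R2 and that this is done so the Samba DC can join.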
| Line 114: | Line 127: | ||
| <code> | <code> | ||
| - | server2.corp13.un:~# kinit administrator | + | server2# kinit administrator |
| - | server2.corp13.un:~# samba-tool domain join corp13.un DC -k yes --dns-backend=SAMBA_INTERNAL --option="dns forwarder=172.16.1.254" | + | server2# samba-tool domain join corpX.un DC -k yes --dns-backend=SAMBA_INTERNAL --option="dns forwarder=172.16.1.254" |
| </code> | </code> | ||
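Review bot: the `samba-tool domain join` line still passes `-k yes`, which Samba deprecated in 4.15 in favour of `--use-kerberos=required`, while other hunks in this revision update the page for Debian 12. Update the option or note which Samba version the command was tested on. The domain was generalised from corp13.un to corpX.un here, but the `dns forwarder=172.16.1.254` address stays hardcoded; say whether it is the same for every stand.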
| Line 124: | Line 137: | ||
| * [[https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/f977faaa-673e-4f66-b9bf-48c640241d47|[MS-DRSR]: Directory Replication Service (DRS) Remote Protocol]] | * [[https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/f977faaa-673e-4f66-b9bf-48c640241d47|[MS-DRSR]: Directory Replication Service (DRS) Remote Protocol]] | ||
| + | * [[https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)|SysVol replication (DFS-R)]] | ||
| * [[https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround|Robocopy based SysVol replication workaround]] | * [[https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround|Robocopy based SysVol replication workaround]] | ||
| <code> | <code> | ||
| - | server2.corp13.un:~# samba-tool drs showrepl | + | server2# samba-tool drs showrepl |
| - | server2.corp13.un:~# samba-tool user list | + | server2# samba-tool user list |
| - | server2.corp13.un:~# samba-tool user create user4 'Pa$$w0rd4' --given-name 'Василий' --initials 'М' --surname 'Кошкин' | + | server2# samba-tool user create user4 'Pa$$w0rd4' --given-name 'Василий' --initials 'М' --surname 'Кошкин' #--mail-address=user4@corpX.un |
| В AD появится с задержкой до 10 минут | В AD появится с задержкой до 10 минут | ||
| - | server2.corp13.un:~#### samba-tool ldapcmp ldap://server.corp13.un ldap://server2.corp13.un -Uadministrator | + | server2# samba-tool ldapcmp ldap://server.corpX.un ldap://server2.corpX.un -Uadministrator |
| Допустимы ERROR, но должны быть и SUCCESS | Допустимы ERROR, но должны быть и SUCCESS | ||
| - | server2.corp13.un:~# find /var/lib/samba/sysvol | + | server2# find /var/lib/samba/sysvol |
| - | PS C:\Users\Administrator> robocopy \\SERVER\SYSVOL\corp13.un\ \\SERVER2\SYSVOL\corp13.un\ /mir /sec | + | PS C:\Users\Administrator> robocopy \\SERVER\SYSVOL\corpX.un\ \\SERVER2\SYSVOL\corpX.un\ /mir /sec |
| - | server2.corp13.un:~# find /var/lib/samba/sysvol | grep aas | + | server2# find /var/lib/samba/sysvol | grep aas |
| - | server2.corp13.un:~#### samba-tool ntacl sysvolcheck | + | server2# ### samba-tool ntacl sysvolcheck |
| ошибки | ошибки | ||
| </code> | </code> | ||
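Review bot: the last command, `server2# ### samba-tool ntacl sysvolcheck`, is left commented out with only "ошибки" under it, so after `robocopy ... /mir /sec` the reader has no way to tell whether the SYSVOL ACLs on server2 are acceptable. Record what the errors are and whether `samba-tool ntacl sysvolreset` is the expected follow-up, or drop the line. The same applies to the trailing `#--mail-address=user4@corpX.un` added to `samba-tool user create`: say when it should be uncommented. The password is still given as a command-line argument there, which leaves it in shell history; omit the password argument so samba-tool prompts for it.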
| Line 154: | Line 168: | ||
| * Flexible Single Master Operations | * Flexible Single Master Operations | ||
| * [[https://habr.com/ru/post/133370/|Все что вы хотели знать о мастерах операций, но боялись спросить]] | * [[https://habr.com/ru/post/133370/|Все что вы хотели знать о мастерах операций, но боялись спросить]] | ||
| + | * [[https://winitpro.ru/index.php/2012/03/06/peredacha-rolej-fsmo/|Передача/захват ролей FSMO на другой контроллер домена Active Directory]] | ||
| <code> | <code> | ||
| - | server2.corp13.un:~# samba-tool fsmo show | + | server2# samba-tool fsmo show |
| + | |||
| + | попробовать# samba-tool fsmo seize --role=all | ||
| </code> | </code> | ||
| <code> | <code> | ||
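Review bot: the added `попробовать# samba-tool fsmo seize --role=all` uses a to-do word ("try") in place of a host prompt and recommends seizing while the page stops SERVER only in a later step. With the current role holder still online the graceful form is `samba-tool fsmo transfer --role=all`; seize is for a holder that is gone, and using it against a live DC can leave both servers believing they own a role. Either test it and give it a real prompt with a note on when seize is appropriate, or keep the to-do out of the command block.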
| Line 173: | Line 190: | ||
| q | q | ||
| </code><code> | </code><code> | ||
| - | server2.corp13.un:~# samba-tool fsmo seize --role=forestdns | + | server2# samba-tool fsmo seize --role=forestdns |
| - | server2.corp13.un:~# samba-tool fsmo seize --role=domaindns | + | server2# samba-tool fsmo seize --role=domaindns |
| - | server2.corp13.un:~# samba-tool fsmo show | + | server2# samba-tool fsmo show | grep SERVER2 |
| </code> | </code> | ||
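Review bot: changing the final check to `samba-tool fsmo show | grep SERVER2` hides exactly the lines that matter, the roles still owned by SERVER. A reader sees some SERVER2 lines and cannot tell that one role was missed. Keep the unfiltered `samba-tool fsmo show`, or invert the filter with `grep -v SERVER2` and state that the output must be empty.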
| Line 187: | Line 204: | ||
| * Останавливаем SERVER | * Останавливаем SERVER | ||
| <code> | <code> | ||
| - | server2# nslookup -q=SRV _kerberos._tcp.corp13.un | + | server2# nslookup -q=SRV _kerberos._tcp.corpX.un |
| server2# samba-tool domain demote --remove-other-dead-server=SERVER | server2# samba-tool domain demote --remove-other-dead-server=SERVER | ||
| - | server2# nslookup -q=SRV _kerberos._tcp.corp13.un | + | server2# nslookup -q=SRV _kerberos._tcp.corpX.un |
| </code> | </code> | ||
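Review bot: `nslookup -q=SRV _kerberos._tcp.corpX.un` is run before and after `samba-tool domain demote --remove-other-dead-server=SERVER` without saying what should differ. Add the expected result after the second call, namely that only server2 remains in the SRV answers, so the reader can confirm the dead DC's records were actually removed.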