核對 AD 檔案：
root@linux-ad1:~# smbclient -L localhost -U%
Domain=[TW2] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
IPC$ IPC IPC Service (Samba 4.3.11-Ubuntu)
Domain=[TW2] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
Server Comment
--------- -------
Workgroup Master
--------- -------
WORKGROUP NZGFT-WEB-TEST
root@linux-ad1:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password:
Domain=[TW2] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
. D 0 Tue Nov 15 11:36:25 2016
.. D 0 Tue Nov 15 11:36:25 2016
52428800 blocks of size 1024. 50254128 blocks available
核對 DNS：
root@linux-ad1:~# host -t A linux-ad1.tw2.ad.
linux-ad1.tw2.ad has address 192.168.0.68
root@linux-ad1:~# host -t SRV _kerberos._udp.tw2.ad.
_kerberos._udp.tw2.ad has SRV record 0 100 88 linux-ad1.tw2.ad.
host -t SRV _ldap._tcp.tw2.ad.
_ldap._tcp.tw2.ad has SRV record 0 100 389 linux-ad1.tw2.ad.
核對 Kerberos：
root@linux-ad1:~# kinit administrator
Password for administrator@TW2.AD:
root@linux-ad1:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@TW2.AD
Valid starting Expires Service principal
11/17/2016 09:17:58 11/17/2016 19:17:58 krbtgt/TW2.AD@TW2.AD
renew until 11/18/2016 09:17:42
kinit administrator@TW2.AD
kinit: Cannot find KDC for realm "TW2.AD" while getting initial credentials
建立 DNS 反查 :
root@linux-ad1:~# getent hosts linux-ad1
192.168.0.68 linux-ad1.tw3.ad linux-ad1
測試連線：
root@linux-ad1:~# wbinfo --ping-dc
checking the NETLOGON for domain[TW2] dc connection to "linux-ad1.tw2.ad" succeeded
Samba AD DC 資料庫檢查：
root@linux-ad1:~# samba-tool dbcheck --cross-ncs
Checking 3926 objects
Checked 3926 objects (0 errors)
如資料有錯誤，可執行 samba-tool dbcheck --cross-ncs --fix --yes 進行修復
檢查 acl：
samba-tool ntacl sysvolcheck
重置錯誤的 acl ...
samba-tool ntacl sysvolreset
修復 acl ...
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes
root@linux-ad1:~# samba-tool dns query linux-ad1 tw2.ad @ ALL
Name=, Records=3, Children=0
A: 192.168.0.68 (flags=600000f0, serial=675, ttl=900)
SOA: serial=742, refresh=900, retry=600, expire=86400, minttl=3600, ns=TW2.AD., email=hostmaster.tw2.ad. (flags=600000f0, serial=742, ttl=3600)
NS: linux-ad1. (flags=600000f0, serial=712, ttl=3600)
Name=linux-ad1, Records=1, Children=0
A: 192.168.0.68 (flags=f0, serial=674, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=AD-TEST-WIN7, Records=1, Children=0
A: 192.168.0.64 (flags=f0, serial=655, ttl=1200)
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
root@linux-ad1:~# samba-tool dns add linux-ad1 tw2.ad AD-TEST-WIN7 A 192.168.0.64 -k yes
ERROR: Record already exists
root@linux-ad1:~# samba-tool dns delete linux-ad1 tw2.ad AD-TEST-WIN7 A 192.168.0.64 -k yes
Record deleted successfully
root@linux-ad1:~# samba-tool dns query linux-ad1 tw2.ad @ ALL
Name=, Records=3, Children=0
A: 192.168.0.68 (flags=600000f0, serial=675, ttl=900)
SOA: serial=743, refresh=900, retry=600, expire=86400, minttl=3600, ns=TW2.AD., email=hostmaster.tw2.ad. (flags=600000f0, serial=743, ttl=3600)
NS: linux-ad1. (flags=600000f0, serial=712, ttl=3600)
Name=linux-ad1, Records=1, Children=0
A: 192.168.0.68 (flags=f0, serial=674, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
samba_dnsupdate --all-names --verbose
samba-tool dns zonelist tw2.ad -Uadministrator
