Thomas: Die Seite wurde neu angelegt: „=Zwei DC mit Replikation einrichten= ==Situation== '''Existierender DC''' Name: rumba IP: 192.168.242.201 Ist DNS: Ja '''Domain Informationen''' DNS Dom…“

2016-12-13T10:59:40Z

Die Seite wurde neu angelegt: „=Zwei DC mit Replikation einrichten= ==Situation== '''Existierender DC''' Name: rumba IP: 192.168.242.201 Ist DNS: Ja '''Domain Informationen''' DNS Dom…“

Neue Seite

=Zwei DC mit Replikation einrichten=
==Situation==

'''Existierender DC'''
Name: rumba
IP: 192.168.242.201
Ist DNS: Ja
'''Domain Informationen'''
DNS Domain Name: xinux.test
Kerberos realm: XINUX.TEST
Domain Admin: administrator
Admin-PW: password
'''Hinzuzufügender DC'''
Name: tango
IP: 192.168.242.200

==Vorbereitungen==

*Beide Rechner sollten im selben Netz sein und sich pingen können
*etc/hosts anpassen: Der Rechner muss sich unter seiner IP finden, bei localhost den Namen löschen
127.0.0.1 localhost <strike>tango tango.xinux.test</strike>
192.168.242.200 tango tango.xinux.test
*DNS anpassen: searchdomain eintragen und den existierenden DC als DNS angeben
nameserver 192.168.242.201
search xinux.test
*DNS testen:
host -t A rumba.xinux.test
rumba.xinux.test has address 192.168.242.201

==Kerberos==

In der krb5.conf müssen folgende Einträge stehen:
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = XINUX.TEST

Testen ob man ein Kerberosticket bekommt
root@tango:~# '''kinit administrator'''
Password for administrator@XINUX.TEST:

root@tango:~# '''klist'''
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@XINUX.TEST

Valid starting Expires Service principal
10.09.2015 11:08:57 10.09.2015 21:08:57 krbtgt/XINUX.TEST@XINUX.TEST
renew until 11.09.2015 11:08:44
==Der Domain beitreten==
*'''ACHTUNG''' Für das Administrator-Passwort gelten die Standardrichtlinien von SAMBA4!
*Weiterführende Infos: samba-tool domain join --help

root@tango:~# samba-tool domain join XINUX.TEST DC -Uadministrator --realm=XINUX.TEST --dns-backend=SAMBA_INTERNAL

Ausgabe:
<pre>
Finding a writeable DC for domain 'XINUX.TEST'
Found DC rumba.xinux.test
Password for [WORKGROUP\administrator]:
workgroup is XINUX
realm is xinux.test
checking sAMAccountName
Adding CN=TANGO,OU=Domain Controllers,DC=xinux,DC=test
Adding CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
Adding CN=NTDS Settings,CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
Adding SPNs to CN=TANGO,OU=Domain Controllers,DC=xinux,DC=test
Setting account password for TANGO$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=xinux,DC=test
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=xinux,DC=test] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=xinux,DC=test] objects[402/1616] linked_values[0/0]
Partition[CN=Configuration,DC=xinux,DC=test] objects[804/1616] linked_values[0/0]
Partition[CN=Configuration,DC=xinux,DC=test] objects[1206/1616] linked_values[0/0]
Partition[CN=Configuration,DC=xinux,DC=test] objects[1608/1616] linked_values[0/0]
Partition[CN=Configuration,DC=xinux,DC=test] objects[1616/1616] linked_values[28/0]
Replicating critical objects from the base DN of the domain
Partition[DC=xinux,DC=test] objects[97/97] linked_values[23/0]
Partition[DC=xinux,DC=test] objects[365/268] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=xinux,DC=test
Partition[DC=DomainDnsZones,DC=xinux,DC=test] objects[46/46] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=xinux,DC=test
Partition[DC=ForestDnsZones,DC=xinux,DC=test] objects[18/18] linked_values[0/0]
Partition[DC=ForestDnsZones,DC=xinux,DC=test] objects[36/18] linked_values[0/0]
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain XINUX (SID S-1-5-21-3964088599-1372953937-1397556401) as a DC
</pre>

==Anzeige der Replikation==
DC1:
<pre>
root@rumba:~# samba-tool drs showrepl

Default-First-Site-Name\RUMBA
DSA Options: 0x00000001
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
DSA invocationId: fc6eaa8e-a1cf-4af8-b919-f0af6abddb27

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:30:34 2015 CEST

DC=ForestDnsZones,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:30:34 2015 CEST

DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ Thu Sep 10 11:30:59 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:30:59 2015 CEST

CN=Schema,CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ Thu Sep 10 11:30:34 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:30:34 2015 CEST

CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ Thu Sep 10 11:30:35 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:30:35 2015 CEST

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\TANGO via RPC
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: f31d9725-b1a6-4450-93d4-8b62fabf609f
Enabled : TRUE
Server DNS name : TANGO.xinux.test
Server DN name : CN=NTDS Settings,CN=TANGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
</pre>

DC2:
<pre>
root@tango:~# samba-tool drs showrepl

Default-First-Site-Name\TANGO
DSA Options: 0x00000001
DSA object GUID: 9038189e-b307-48dc-bca3-fc76bc63ec38
DSA invocationId: 1278e3ce-dadf-4e44-be9a-43c591e8318d

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:28:15 2015 CEST

DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:28:15 2015 CEST

DC=DomainDnsZones,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ Thu Sep 10 11:31:28 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:31:28 2015 CEST

DC=ForestDnsZones,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:28:15 2015 CEST

CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ Thu Sep 10 11:28:15 2015 CEST was successful
0 consecutive failure(s).
Last success @ Thu Sep 10 11:28:15 2015 CEST

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=xinux,DC=test
Default-First-Site-Name\RUMBA via RPC
DSA object GUID: d91df6e8-fc0f-4d96-8407-1f66f5b5c47d
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: 2770037b-6291-442b-9b94-89c8d6c780c0
Enabled : TRUE
Server DNS name : rumba.xinux.test
Server DN name : CN=NTDS Settings,CN=RUMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xinux,DC=test
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
</pre>

=SeDiskOperatorPrivilege=
net rpc rights grant 'XINUX\Domain Admins' SeDiskOperatorPrivilege -Uadministrator

===Vorhandene Rechte lassen sich so Anzeige===
net rpc rights list accounts -Uadministrator

2 DC mit Replicatiom - Versionsgeschichte

Thomas: Die Seite wurde neu angelegt: „=Zwei DC mit Replikation einrichten= ==Situation== '''Existierender DC''' Name: rumba IP: 192.168.242.201 Ist DNS: Ja '''Domain Informationen''' DNS Dom…“