SAMBA netstat local address 0.0.0.0

I'm trying to run a Samba AD DC, but I'm stuck. After creating the domain configuration, I defined resolv.conf:

cat /etc/resolv.conf
nameserver 10.99.0.30
search example.com

The service is running:

samba-ad-dc.service - Samba Active Directory Domain Controller
   Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; enabled; vendor preset: disabled)
   Active: active (running)

DNS record queries seem fine:

$ host -t SRV _ldap._tcp.example.com.
_ldap._tcp.random.example.com has SRV record 0 100 389 random.example.com.

$ host -t SRV _kerberos._udp.example.com.
_kerberos._udp.random.example.com has SRV record 0 100 88 random.example.com.

$ host -t A random.example.com.
dc1.random.example.com has address 10.99.0.30

When I run netstat:

netstat -tulpn | grep ":53"
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      34599/samba: task[d
tcp6       0      0 :::53                   :::*                    LISTEN      34599/samba: task[d
udp        0      0 0.0.0.0:53              0.0.0.0:*                           34599/samba: task[d
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           745/avahi-daemon: r
udp6       0      0 :::53                   :::*                                34599/samba: task[d
udp6       0      0 :::5353                 :::*                                745/avahi-daemon: r

Should the local address in netstat be the exact IP address of the (local) DNS, 10.99.0.30, for example 10.99.0.30:53?

When I try to join the AD from a Windows host, I get:

- The query was for the SRV record for _ldap._tcp.dc._msdcs.example.com
- The following domain controllers were identified by the query:
  (no Active Directory Domain Controllers found)
- Host (A) or (AAAA) records that map the names of the domain controllers to 
  their IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.

I can't even resolve example.com with ping.

Answer 1

The netstat local address is fine; even with 0.0.0.0:53 it can resolve (it is listening on any IPv4 address on that server) (source).

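I solved the problem by configuring the firewall, following this "Configuring the Firewall" section. You have to add the samba-dc service to your zone. You can list the ports to be opened and then make them persistent: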

firewall-cmd --info-service samba-dc
firewall-cmd --permanent --add-service=samba-dc

Reload the firewall:

firewall-cmd --reload

Verify (look for samba-dc):

firewall-cmd --list-services

PS: I thought it was a firewall problem, but the Samba installation instructions have nothing about firewall configuration.
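
Added example, not part of the original answer: a shell check of the point that a 0.0.0.0:53 listener already covers 10.99.0.30, run over constructed netstat lines based on the question's output. The function name covers and the 127.0.0.1:5354 row are assumptions introduced here.

```shell
#!/bin/sh
# Constructed sample: the IPv4 netstat lines from the question, plus one
# loopback-only listener (127.0.0.1:5354, invented here) as the failing case.
SAMPLE='tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      34599/samba: task[d
udp        0      0 0.0.0.0:53              0.0.0.0:*                           34599/samba: task[d
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           745/avahi-daemon: r
udp        0      0 127.0.0.1:5354          0.0.0.0:*                           999/example-daemon'

# covers PROTO IP PORT
# Reads `netstat -tulpn` lines on stdin (IPv4 rows only) and prints one word:
#   wildcard  a socket is bound to 0.0.0.0:PORT, so it accepts traffic to IP
#   exact     a socket is bound to IP:PORT itself
#   other     PORT is bound, but only on different addresses (e.g. loopback)
#   none      nothing listens on PROTO/PORT
covers() {
    awk -v proto="$1" -v ip="$2" -v port="$3" '
        $1 == proto {
            n = split($4, part, ":")        # column 4 is "address:port"
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0") wild = 1
            else if (addr == ip)   exact = 1
            else                   other = 1
        }
        END {
            if (wild)       print "wildcard"
            else if (exact) print "exact"
            else if (other) print "other"
            else            print "none"
        }'
}

# The DC address from the question, against DNS on TCP and UDP.
for proto in tcp udp; do
    printf '%s/53 on 10.99.0.30: %s\n' "$proto" \
        "$(printf '%s\n' "$SAMPLE" | covers "$proto" 10.99.0.30 53)"
done
# The constructed loopback-only listener is not reachable on 10.99.0.30.
printf 'udp/5354 on 10.99.0.30: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | covers udp 10.99.0.30 5354)"
```

On a live host, pipe `netstat -tulpn` into covers instead of the sample; a wildcard or exact result combined with a failing join from another machine points at filtering between the hosts, which is what the firewalld steps above address.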
