[root@centos7 ~]# kinit administrator
Password for administrator@TEST.JP:
Warning: Your password will expire in 41 days on 2019年08月15日 07時54分21秒
[root@centos7 ~]# net ads info
LDAP server: 192.168.1.8
LDAP server name: centos7.test.jp
Realm: TEST.JP
Bind Path: dc=TEST,dc=JP
LDAP port: 389
Server time: 木, 04 7月 2019 07:56:59 JST
KDC server: 192.168.1.8
Server time offset: 0
Last machine account password change: 木, 04 7月 2019 05:55:12 JST
[root@centos7 ~]# host -4 centos7.test.jp
centos7.test.jp has address 192.168.1.8
centos7.test.jp has IPv6 address 2400:4052:46e0:b700:a114:b4b3:f7d8:3725
[root@centos7 ~]# /usr/local/samba/bin/samba-tool user add chibi
Note: samba-tool user add is deprecated. Please use samba-tool user create for the same function.
New Password:
Retype Password:
User 'chibi' created successfully
[root@centos7 ~]# wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
[root@centos7 ~]# /usr/local/samba/bin/samba-tool user list
chibi
Administrator
krbtgt
Guest
[root@centos7 ~]# host -t SRV _ldap._tcp.test.jp
_ldap._tcp.test.jp has SRV record 0 100 389 centos7.test.jp.
[root@centos7 ~]# host -t SRV _kerberos._udp.test.jp
_kerberos._udp.test.jp has SRV record 0 100 88 centos7.test.jp.
[root@centos7 ~]# host -t A centos7.test.jp.
centos7.test.jp has address 192.168.1.8
[root@centos7 ~]# /usr/local/samba/bin/smbclient -L localhost -U%
        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.9.11)
Reconnecting with SMB1 for workgroup listing.
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
[root@centos7 ~]# smbclient //localhost/netlogon -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Wed Jul  3 11:12:24 2019
  ..                                  D        0  Wed Jul  3 11:12:29 2019
                20960256 blocks of size 1024. 15038668 blocks available
smb: \> exit
[root@centos7 ~]# smbclient //localhost/sysvol -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Thu Jul  4 07:54:22 2019
  ..                                  D        0  Thu Jul  4 07:56:25 2019
  test.jp                             D        0  Wed Jul  3 11:12:29 2019
                20960256 blocks of size 1024. 15038708 blocks available
smb: \> exit
[root@centos7 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@centos7 ~]# /usr/local/samba/sbin/samba -V
Version 4.9.11
[root@centos7 ~]# net ads lookup
Information for Domain Controller: 192.168.1.8
Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: 9fdd3f52-52ef-445a-8861-3e7823313f22
Flags:
        Is a PDC:                                   yes
        Is a GC of the forest:                      yes
        Is an LDAP server:                          yes
        Supports DS:                                yes
        Is running a KDC:                           yes
        Is running time services:                   yes
        Is the closest DC:                          yes
        Is writable:                                yes
        Has a hardware clock:                       yes
        Is a non-domain NC serviced by LDAP server: no
        Is NT6 DC that has some secrets:            no
        Is NT6 DC that has all secrets:             yes
        Runs Active Directory Web Services:         no
        Runs on Windows 2012 or later:              no
Forest: test.jp
Domain: test.jp
Domain Controller: centos7.test.jp
Pre-Win2k Domain: TEST
Pre-Win2k Hostname: CENTOS7
Server Site Name : Default-First-Site-Name
Client Site Name : Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
[root@centos7 ~]# /usr/local/samba/bin/samba-tool domain level show
Domain and forest function level for domain 'DC=test,DC=jp'
Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
[root@centos7 ~]# /usr/local/samba/bin/samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=CENTOS7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
InfrastructureMasterRole owner: CN=NTDS Settings,CN=CENTOS7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
RidAllocationMasterRole owner: CN=NTDS Settings,CN=CENTOS7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=CENTOS7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
DomainNamingMasterRole owner: CN=NTDS Settings,CN=CENTOS7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=CENTOS7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=CENTOS7,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
[root@centos7 ~]# /usr/local/samba/bin/samba-tool fsmo transfer --role=all
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
This DC already has the 'naming' FSMO role
This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role
This DC already has the 'domaindns' FSMO role
This DC already has the 'forestdns' FSMO role
[root@centos7 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@TEST.JP
Valid starting       Expires              Service principal
2019-07-04T07:56:49  2019-07-04T17:56:49  krbtgt/TEST.JP@TEST.JP
        renew until 2019-07-05T07:56:45
[root@centos7 ~]# /usr/local/samba/bin/samba-tool group list
Remote Desktop Users
Schema Admins
IIS_IUSRS
DnsUpdateProxy
Account Operators
Domain Controllers
Pre-Windows 2000 Compatible Access
Backup Operators
Performance Log Users
Performance Monitor Users
Replicator
Guests
Administrators
Server Operators
DnsAdmins
Cryptographic Operators
Allowed RODC Password Replication Group
Users
Print Operators
Group Policy Creator Owners
RAS and IAS Servers
Event Log Readers
Domain Admins
Cert Publishers
Network Configuration Operators
Windows Authorization Access Group
Read-only Domain Controllers
Domain Users
Distributed COM Users
Incoming Forest Trust Builders
Terminal Server License Servers
Denied RODC Password Replication Group
Enterprise Admins
Enterprise Read-only Domain Controllers
Certificate Service DCOM Access
Domain Guests
Domain Computers
[root@centos7 ~]#