[root@f30 ~]# kinit administrator
Password for administrator@TEST.JP:
Warning: Your password will expire in 41 days on 2019年08月21日 04時45分26秒
[root@f30 ~]# /usr/local/samba/bin/samba-tool user list
krbtgt
Guest
Administrator
[root@f30 ~]# /usr/local/samba/bin/samba-tool user add chibi
Note: samba-tool user add is deprecated. Please use samba-tool user create for the same function.
New Password:
Retype Password:
User 'chibi' created successfully
[root@f30 ~]# /usr/local/samba/bin/samba-tool user list
krbtgt
Guest
chibi
Administrator
[root@f30 ~]# /usr/local/samba/sbin/samba -V
Version 4.11.0rc1
[root@f30 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@TEST.JP

Valid starting       Expires              Service principal
2019-07-10T04:49:22  2019-07-10T14:49:22  krbtgt/TEST.JP@TEST.JP
        renew until 2019-07-11T04:49:17
[root@f30 ~]# /usr/local/samba/bin/samba-tool domain level show
Domain and forest function level for domain 'DC=test,DC=jp'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
[root@f30 ~]# /usr/local/samba/bin/samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=F30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
InfrastructureMasterRole owner: CN=NTDS Settings,CN=F30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
RidAllocationMasterRole owner: CN=NTDS Settings,CN=F30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=F30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
DomainNamingMasterRole owner: CN=NTDS Settings,CN=F30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=F30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=F30,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=jp
[root@f30 ~]# /usr/local/samba/bin/samba-tool fsmo transfer --role=all
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
This DC already has the 'naming' FSMO role
This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role
This DC already has the 'domaindns' FSMO role
This DC already has the 'forestdns' FSMO role
[root@f30 ~]# /usr/local/samba/bin/samba-tool group list
Domain Computers
Event Log Readers
Domain Guests
Network Configuration Operators
Domain Controllers
Terminal Server License Servers
Guests
Domain Users
Enterprise Admins
Cryptographic Operators
Group Policy Creator Owners
DnsAdmins
Users
Allowed RODC Password Replication Group
Windows Authorization Access Group
Denied RODC Password Replication Group
Performance Log Users
Domain Admins
Cert Publishers
Certificate Service DCOM Access
Print Operators
Pre-Windows 2000 Compatible Access
Distributed COM Users
Incoming Forest Trust Builders
Remote Desktop Users
Server Operators
Schema Admins
Account Operators
Enterprise Read-only Domain Controllers
Read-only Domain Controllers
Administrators
RAS and IAS Servers
Performance Monitor Users
Backup Operators
DnsUpdateProxy
Replicator
IIS_IUSRS
[root@f30 ~]# host -4 f30
f30.test.jp has address 192.168.1.7
[root@f30 ~]# host -t SRV _ldap._tcp.test.jp
_ldap._tcp.test.jp has SRV record 0 100 389 f30.test.jp.
[root@f30 ~]# host -t SRV _kerberos._udp.test.jp
_kerberos._udp.test.jp has SRV record 0 100 88 f30.test.jp.
[root@f30 ~]# host -t A f30.test.jp.
f30.test.jp has address 192.168.1.7
[root@f30 ~]# smbclient -L localhost -U%

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.11.0rc1)
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Unable to connect with SMB1 -- no workgroup available
[root@f30 ~]# smbclient //localhost/netlogon -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Wed Jul 10 03:56:45 2019
  ..                                  D        0  Wed Jul 10 03:56:48 2019

                41021664 blocks of size 1024. 29873460 blocks available
smb: \> exit
[root@f30 ~]# smbclient //localhost/sysvol -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Wed Jul 10 04:45:27 2019
  ..                                  D        0  Wed Jul 10 04:47:26 2019
  test.jp                             D        0  Wed Jul 10 03:56:48 2019

                41021664 blocks of size 1024. 29873456 blocks available
smb: \> exit
[root@f30 ~]# net ads lookup
Information for Domain Controller: 192.168.1.7

Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: 0918ff59-304b-4870-a56d-fa9a7a79da5f
Flags:
        Is a PDC:                                   yes
        Is a GC of the forest:                      yes
        Is an LDAP server:                          yes
        Supports DS:                                yes
        Is running a KDC:                           yes
        Is running time services:                   yes
        Is the closest DC:                          yes
        Is writable:                                yes
        Has a hardware clock:                       yes
        Is a non-domain NC serviced by LDAP server: no
        Is NT6 DC that has some secrets:            no
        Is NT6 DC that has all secrets:             yes
        Runs Active Directory Web Services:         no
        Runs on Windows 2012 or later:              no
Forest:                 test.jp
Domain:                 test.jp
Domain Controller:      f30.test.jp
Pre-Win2k Domain:       TEST
Pre-Win2k Hostname:     F30
Server Site Name:       Default-First-Site-Name
Client Site Name:       Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
[root@f30 ~]# dig test.jp

; <<>> DiG 9.11.6-P1-RedHat-9.11.6-5.P1.fc30 <<>> test.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34664
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;test.jp.                       IN      A

;; ANSWER SECTION:
test.jp.                900     IN      A       192.168.1.7

;; AUTHORITY SECTION:
test.jp.                3600    IN      SOA     f30.test.jp. hostmaster.test.jp. 1 900 600 86400 3600

;; Query time: 0 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: 水 7月 10 04:55:57 JST 2019
;; MSG SIZE  rcvd: 92

[root@f30 ~]# wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
[root@f30 ~]# net ads info
LDAP server: 192.168.1.7
LDAP server name: f30.test.jp
Realm: TEST.JP
Bind Path: dc=TEST,dc=JP
LDAP port: 389
Server time: 水, 10 7月 2019 05:02:58 JST
KDC server: 192.168.1.7
Server time offset: 0
Last machine account password change: 土, 06 7月 2019 05:59:35 JST
[root@f30 ~]#