root@debian:~# samba-tool domain provision\u3000\u3000\u2192Active Directory Domain\u306e\u69cb\u7bc9
\nRealm: TEST.JP
\nDomain [TEST]:
\nServer Role (dc, member, standalone) [dc]:
\nDNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
\nDNS forwarder IP address (write ‘none’ to disable forwarding) [192.168.1.146]:
\nAdministrator password:
\nRetype password:
\nLooking up IPv4 addresses
\nLooking up IPv6 addresses
\nNo IPv6 address will be assigned
\nSetting up share.ldb
\nSetting up secrets.ldb
\nSetting up the registry
\nSetting up the privileges database
\nSetting up idmap db
\nSetting up SAM db
\nSetting up sam.ldb partitions and settings
\nSetting up sam.ldb rootDSE
\nPre-loading the Samba 4 and AD schema
\nUnable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs<\/p>\n
Adding DomainDN: DC=test,DC=jp
\nAdding configuration container
\nSetting up sam.ldb schema
\nSetting up sam.ldb configuration data
\nSetting up display specifiers
\nModifying display specifiers and extended rights
\nAdding users container
\nModifying users container
\nAdding computers container
\nModifying computers container
\nSetting up sam.ldb data
\nSetting up well known security principals
\nSetting up sam.ldb users and groups
\nSetting up self join
\nRepacking database from v1 to v2 format (first record CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,DC=test,DC=jp)
\nRepack: re-packed 10000 records so far
\nRepacking database from v1 to v2 format (first record CN=mSMQMigratedUser-Display,CN=40E,CN=DisplaySpecifiers,CN=Configuration,DC=test,DC=jp)
\nRepacking database from v1 to v2 format (first record CN=6bcd5688-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=test,DC=jp)
\nAdding DNS accounts
\nCreating CN=MicrosoftDNS,CN=System,DC=test,DC=jp
\nCreating DomainDnsZones and ForestDnsZones partitions
\nPopulating DomainDnsZones and ForestDnsZones partitions
\nRepacking database from v1 to v2 format (first record DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=test,DC=jp)
\nRepacking database from v1 to v2 format (first record DC=ForestDnsZones,DC=test,DC=jp)
\nSetting up sam.ldb rootDSE marking as synchronized
\nFixing provision GUIDs
\nA Kerberos configuration suitable for Samba AD has been generated at \/var\/lib\/samba\/private\/krb5.conf
\nMerge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
\nOnce the above files are installed, your Samba AD server will be ready to use
\nServer Role: active directory domain controller
\nHostname: debian
\nNetBIOS Domain: TEST
\nDNS Domain: test.jp
\nDOMAIN SID: S-1-5-21-4146388153-4193096593-3140523898<\/p>\n
root@debian:~# cat \/etc\/os-release
\nPRETTY_NAME=”Debian GNU\/Linux bullseye\/sid”
\nNAME=”Debian GNU\/Linux”
\nID=debian
\nHOME_URL=”https:\/\/www.debian.org\/”
\nSUPPORT_URL=”https:\/\/www.debian.org\/support”
\nBUG_REPORT_URL=”https:\/\/bugs.debian.org\/”
\nroot@debian:~# samba -V
\nVersion 4.11.5-Debian
\nroot@debian:~# samba -i -M single\u3000\u3000\u00a0\u00a0\u00a0\u00a0 \u2192 Active Directory Domain\u306e\u8d77\u52d5
\nsamba version 4.11.5-Debian started.
\nCopyright Andrew Tridgell and the Samba Team 1992-2019
\nbinary_smbd_main: samba: using ‘single’ process model
\nAttempting to autogenerate TLS self-signed keys for https for hostname ‘DEBIAN.test.jp’
\nTLS self-signed keys generated OK<\/p>\n
root@debian:~# kinit administrator\u3000\u3000\u00a0\u00a0 \u2192Active Directory Domain\u306e\u52d5\u4f5c\u78ba\u8a8d
\nPassword for administrator@TEST.JP:
\nWarning: Your password will expire in 41 days on 2020\u5e7404\u670804\u65e5 07\u664232\u520632\u79d2
\nroot@debian:~# samba-tool user add chibi
\nNote: samba-tool user add is deprecated. Please use samba-tool user create for the same function.
\nNew Password:
\nRetype Password:
\nUser ‘chibi’ created successfully
\nroot@debian:~# wbinfo -u
\nTEST\\administrator
\nTEST\\guest
\nTEST\\krbtgt
\nTEST\\chibi
\nroot@debian:~# wbinfo -n administrator
\nS-1-5-21-4146388153-4193096593-3140523898-500 SID_USER (1)
\nroot@debian:~# wbinfo -n chibi
\nS-1-5-21-4146388153-4193096593-3140523898-1103 SID_USER (1)
\nroot@debian:~# net ads info
\nLDAP server: 192.168.1.146
\nLDAP server name: debian.test.jp
\nRealm: TEST.JP
\nBind Path: dc=TEST,dc=JP
\nLDAP port: 389
\nServer time: \u571f, 22 2\u6708 2020 07:39:27 JST
\nKDC server: 192.168.1.146
\nServer time offset: 0
\nLast machine account password change: \u571f, 22 2\u6708 2020 07:32:32 JST
\nroot@debian:~# host -4 debian
\ndebian.test.jp has address 192.168.1.146
\nroot@debian:~# host -t SRV _ldap._tcp.test.jp
\n_ldap._tcp.test.jp has SRV record 0 100 389 debian.test.jp.
\nroot@debian:~# host -t SRV _kerberos._udp.test.jp
\n_kerberos._udp.test.jp has SRV record 0 100 88 debian.test.jp.
\nroot@debian:~# host -t A debian.test.jp
\ndebian.test.jp has address 192.168.1.146
\nroot@debian:~# smbclient -L localhost -U%<\/p>\n
Sharename Type Comment
\n——— —- ——-
\nsysvol Disk
\nnetlogon Disk
\nIPC$ IPC IPC Service (Samba 4.11.5-Debian)
\nSMB1 disabled — no workgroup available
\nroot@debian:~# smbclient \/\/localhost\/netlogon -Uadministrator
\nEnter TEST\\administrator’s password:
\nTry “help” to get a list of possible commands.
\nsmb: \\> ls
\n. D 0 Sat Feb 22 07:32:29 2020
\n.. D 0 Sat Feb 22 07:32:31 2020<\/p>\n
38958432 blocks of size 1024. 31915828 blocks available
\nsmb: \\> exit
\nroot@debian:~# smbclient \/\/localhost\/sysvol -Uadministrator
\nEnter TEST\\administrator’s password:
\nTry “help” to get a list of possible commands.
\nsmb: \\> ls
\n. D 0 Sat Feb 22 07:32:32 2020
\n.. D 0 Sat Feb 22 07:38:02 2020
\ntest.jp D 0 Sat Feb 22 07:32:31 2020<\/p>\n
38958432 blocks of size 1024. 31915828 blocks available
\nsmb: \\> exit
\nroot@debian:~# net ads lookup<\/p>\n
Debian GNU Linux bullseye sid samba4.11.5 Acitive Directory Domein\u306e\u52d5\u4f5c\u78ba\u8a8d<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" root@debian:~# samba-tool domain provision\u3000\u3000\u2192Active Directory Domain\u306e\u69cb\u7bc9 Realm: TEST.JP Domain [TEST]: Server R … \u7d9a\u304d\u3092\u8aad\u3080