Shulou(Shulou.com)06/01 Report--

How to use Windows 10 RSAT tools to manage Samba4, I believe that many inexperienced people do not know what to do, so this article summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

In this section of the Samba4 AD DC Architecture series, we will discuss how to add computers on Windows 10 systems to the Samba4 domain environment, and how to manage domain environments on Windows 10 systems.

Once the Windows 10 system is joined to the Samba4 AD DC, we can create, delete, or disable domain users and groups in the Windows 10 system, create new organizational units, create, edit, and manage domain policies, and manage Samba4 domain DNS services.

All the above functions and other complex work related to domain management can be done through the RSAT tool in the Windows environment-Microsoft remote server management tool.

Request

1. Use Samba4 on Ubuntu systems to create an active directory architecture (1)

2. Manage the Samba4 AD architecture under the Linux command line (2)

* step: configure domain time synchronization

1. Before using the RSAT tools of the Windows 10 system to manage Samba4 ADDC, we need to understand a very important service related to active Directory that requires precise time synchronization.

In most Linux distributions, the NTP process provides the time synchronization mechanism. The time gap allowed by AD environment is 5 minutes by default.

If the time gap is more than 5 minutes, you will encounter a variety of abnormal errors, the most serious of which will affect AD users, domain member servers or shared access.

To install the Network time Protocol process and NTP client tools on the Ubuntu system, execute the following command:

$sudo apt-get install ntp ntpdate

Install NTP service under Ubuntu system

2. Next, modify the NTP configuration file to replace the default NTP pool service list with a list of NTP service addresses closest to you.

The list of NTP server addresses can be obtained from the official website of the NTP address Library project: http://www.pool.ntp.org/en/.

$sudo nano / etc/ntp.conf

Add a # symbol before each line of pool to annotate the default server list and replace it with an appropriate NTP server address, as shown in the following figure:

Pool 0.ro.pool.ntp.org iburst pool 1.ro.pool.ntp.org iburst pool 2.ro.pool.ntp.org iburst # Use Ubuntu's ntp server as a fallback. Pool 3.ro.pool.ntp.org

Configure NTP service under Ubuntu system

3. Do not close the file at this time. Move the cursor to the top of the file and add the following line after the driftfile parameter. This setting is set to allow the client to query the service using AD's NTP signing request.

Ntpsigndsocket / var/lib/samba/ntp_signd/

Use NTP to synchronize AD

4. *, move the cursor to the bottom of the file and add the following line, as shown in the screenshot, only allow the network client to query the time on the server.

Restrict default kod nomodify notrap nopeer mssntp

Restrict query clients for NTP services

5. After the configuration is completed, save and close the NTP configuration file. In order for the NTP service to read the ntp_signed directory, you need to grant the NTP service appropriate permissions.

The following is the system path for Samba NTP socket. After that, restart the NTP service to apply the changes, and use the netstat command to join with grep filtering to check whether the NTP service is working.

$sudo chown root:ntp / var/lib/samba/ntp_signd/ $sudo chmod 750 / var/lib/samba/ntp_signd/ $sudo systemctl restart ntp $sudo netstat-tulpn | grep ntp

Authorize the NTP service

Use the ntpq command line tool to monitor the NTP process and add the-p parameter to display summary information.

$ntpq-p

Monitor NTP server pool

Step 2: deal with NTP time synchronization exception

6. Sometimes the NTP process will get stuck when trying to synchronize the time with the upstream ntp server, resulting in the following error when the client uses the ntpdate tool to manually force synchronization:

# ntpdate-qu adc1 ntpdate [4472]: no server suitable for synchronization found

NTP time synchronization exception

The ntpdate command plus the-d debug option:

# ntpdate-d adc1.tecmint.lan Server dropped: Leap not in sync

NTP Server Dropped Leap Not in Sync

7. To avoid this problem, use the following method to solve this problem: stop the NTP service on the server, and use the ntpdate client tool with the-b parameter to specify an external peer address to manually force the synchronization time, as shown in the following figure:

# systemctl stop ntp.service # ntpdate-b 2.ro.pool.ntp.org [your ntp peer] # systemctl start ntp.service # systemctl status ntp.service

Force NTP time synchronization

8. When the time is synchronized correctly, start the NTP service on the server and execute the following command on the client server to verify that the NTP time synchronization service is available:

# ntpdate-du adc1.tecmint.lan [your AD DC server]

Verify NTP time synchronization

At this point, the NTP service should be working properly.

After reading the above, have you mastered how to use Windows 10's RSAT tools to manage Samba4? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.