[root@f31 ~]# kinit administrator
Password for administrator@TEST.JP:
[root@f31 ~]# net ads join -U administrator
Enter administrator's password:
secrets_domain_info_kerberos_keys: generation of a des-cbc-md5 key failed: Bad encryption type
secrets_store_JoinCtx: secrets_domain_info_password_create(pw) failed for TEST - NT_STATUS_UNSUCCESSFUL
libnet_join_joindomain_store_secrets: secrets_store_JoinCtx() failed NT_STATUS_UNSUCCESSFUL
Failed to join domain: This machine is not currently joined to a domain.
[root@f31 ~]# net ads info
LDAP server: 192.168.1.41
LDAP server name: dc.test.jp
Realm: TEST.JP
Bind Path: dc=TEST,dc=JP
LDAP port: 389
Server time: 火, 25 6月 2019 06:19:09 JST
KDC server: 192.168.1.41
Server time offset: -7
Last machine account password change: 木, 01 1月 1970 09:00:00 JST
[root@f31 ~]# host -4 dc
dc.test.jp has address 192.168.1.41
dc.test.jp has address 192.168.1.43
dc.test.jp has IPv6 address 2400:4052:46e0:b700:9c17:70c2:f128:4f74
dc.test.jp has IPv6 address 2400:4052:46e0:b700:d0cb:a843:f2ba:fd28
[root@f31 ~]# host -4 dc1
dc1.test.jp has address 192.168.1.52
dc1.test.jp has IPv6 address 2400:4052:46e0:b700:a555:f9b5:10f3:2a15
[root@f31 ~]# host -4 dc2
dc2.test.jp has address 192.168.1.32
dc2.test.jp has IPv6 address 2400:4052:46e0:b700:d908:2730:71f3:20c
[root@f31 ~]# host -t SRV _ldap._tcp.test.jp
_ldap._tcp.test.jp has SRV record 0 100 389 dc2.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc1.test.jp.
[root@f31 ~]# host -t SRV _kerberos._udp.test.jp
_kerberos._udp.test.jp has SRV record 0 100 88 dc1.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc2.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc.test.jp.
[root@f31 ~]# host -t A test.jp
test.jp has address 192.168.1.32
test.jp has address 192.168.1.52
test.jp has address 192.168.1.41
test.jp has address 192.168.1.43
[root@f31 ~]# smbclient //192.168.1.41/netlogon -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sun Jul 2 03:46:25 2017
.. D 0 Sun Jul 2 03:46:25 2017
62369535 blocks of size 4096. 39358790 blocks available
smb: \> exit
[root@f31 ~]# smbclient //192.168.1.41/sysvol -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sun Jul 2 03:46:25 2017
.. D 0 Sun Jul 2 03:46:25 2017
test.jp D 0 Sun Jul 2 03:46:25 2017
62369535 blocks of size 4096. 39199577 blocks available
smb: \> exit
[root@f31 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@TEST.JP
Valid starting Expires Service principal
2019-06-25T06:18:26 2019-06-25T16:18:26 krbtgt/TEST.JP@TEST.JP
renew until 2019-06-26T06:18:22
[root@f31 ~]# cat /etc/redhat-release
Fedora release 31 (Rawhide)
[root@f31 ~]# samba -V
Version 4.10.5
[root@f31 ~]# net ads lookup
Information for Domain Controller: 192.168.1.41
Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: e179b8b2-e065-4c47-a9af-873334b355aa
Flags:
Is a PDC: yes
Is a GC of the forest: yes
Is an LDAP server: yes
Supports DS: yes
Is running a KDC: yes
Is running time services: yes
Is the closest DC: yes
Is writable: yes
Has a hardware clock: yes
Is a non-domain NC serviced by LDAP server: no
Is NT6 DC that has some secrets: no
Is NT6 DC that has all secrets: yes
Runs Active Directory Web Services: yes
Runs on Windows 2012 or later: yes
Forest: test.jp
Domain: test.jp
Domain Controller: dc.test.jp
Pre-Win2k Domain: TEST
Pre-Win2k Hostname: DC
Server Site Name: Default-First-Site-Name
Client Site Name: Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
[root@f31 ~]# systemctl restart winbind
Job for winbind.service failed because the control process exited with error code.
See "systemctl status winbind.service" and "journalctl -xe" for details.
[root@f31 ~]# systemctl enable winbind
Created symlink /etc/systemd/system/multi-user.target.wants/winbind.service → /usr/lib/systemd/system/winbind.service.
[root@f31 ~]# systemctl start winbind
Job for winbind.service failed because the control process exited with error code.
See "systemctl status winbind.service" and "journalctl -xe" for details.
[root@f31 ~]# systemctl enable winbind
[root@f31 ~]# wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
[root@f31 ~]# dig test.jp
; <<>> DiG 9.11.7-RedHat-9.11.7-2.fc31 <<>> test.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17196
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
; COOKIE: 567e61e85580a82e (echoed)
;; QUESTION SECTION:
;test.jp. IN A
;; ANSWER SECTION:
test.jp. 600 IN A 192.168.1.32
test.jp. 600 IN A 192.168.1.41
test.jp. 600 IN A 192.168.1.43
test.jp. 600 IN A 192.168.1.52
;; Query time: 1 msec
;; SERVER: 192.168.1.41#53(192.168.1.41)
;; WHEN: 火 6月 25 06:24:38 JST 2019
;; MSG SIZE rcvd: 112
[root@f31 ~]#