FreeBSD 13.0-CURRENT r348764 Samba4.6.16 Windows Server 2016 Datacenter Active Directory Domainのメンバーに参加してみた

root@freebsd:~ # kinit administrator
administrator@TEST.JP’s Password:
root@freebsd:~ # net ads join -U administrator
Enter administrator’s password:
gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great](2529638949)
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dc.test.jp with user[administrator] realm[TEST.JP]: Logon failure
Failed to join domain: failed to connect to AD: Logon failure　→★エラー
root@freebsd:~ # date
Wed Jun 12 15:55:18 JST 2019
root@freebsd:~ # ntpdate ntp.nict.jp →■時刻の修正
12 Jun 06:53:34 ntpdate[1200]: step time server 133.243.238.163 offset -32534.841760 sec
root@freebsd:~ # net ads join -U administrator
Enter administrator’s password:
Using short domain name — TEST
Joined ‘FREEBSD’ to dns domain ‘test.jp’→●Joineに成功
No DNS domain configured for freebsd. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
root@freebsd:~ # service samba_server start
Performing sanity check on Samba configuration: OK
Starting nmbd.
Starting smbd.
Starting winbindd.
root@freebsd:~ # wbinfo -u
TEST\guest
TEST\defaultaccount
TEST\administrator
TEST\krbtgt
TEST\chibi
root@freebsd:~ # wbinfo -n chibi
S-1-5-21-3866720368-3273965808-1478398572-1103 SID_USER (1)
root@freebsd:~ # net ads info
LDAP server: 192.168.1.52
LDAP server name: dc1.test.jp
Realm: TEST.JP
Bind Path: dc=TEST,dc=JP
LDAP port: 389
Server time: Wed, 12 Jun 2019 06:54:28 JST
KDC server: 192.168.1.52
Server time offset: -2
Last machine account password change: Wed, 12 Jun 2019 06:53:50 JST
root@freebsd:~ # host -4 dc
dc.test.jp has address 192.168.1.43
dc.test.jp has address 192.168.1.41
dc.test.jp has IPv6 address 2400:4052:46e0:b700:d0cb:a843:f2ba:fd28
dc.test.jp has IPv6 address 2400:4052:46e0:b700:9c17:70c2:f128:4f74
root@freebsd:~ # host -4 dc1
dc1.test.jp has address 192.168.1.52
dc1.test.jp has IPv6 address 2400:7800:47e0:1700:a555:f9b5:10f3:2a15
root@freebsd:~ # host -4 dc2
dc2.test.jp has address 192.168.1.32
dc2.test.jp has IPv6 address 2400:7800:47e0:1700:d908:2730:71f3:20c
root@freebsd:~ # host -t SRV _ldap._tcp.test.jp
_ldap._tcp.test.jp has SRV record 0 100 389 dc2.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc1.test.jp.
root@freebsd:~ # host -t SRV _kerberos._udp.test.jp
_kerberos._udp.test.jp has SRV record 0 100 88 dc2.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc1.test.jp.
root@freebsd:~ # host -t A dc1.test.jp.
dc1.test.jp has address 192.168.1.52
root@freebsd:~ # host -t A test.jp.
test.jp has address 192.168.1.52
test.jp has address 192.168.1.32
test.jp has address 192.168.1.41
test.jp has address 192.168.1.43
root@freebsd:~ # smbclient //192.168.1.41/netlogon -Uadministrator
FreeBSD 13.0-CURRENT r348764 Samba4.6.16 Windows Server 2016 Datacenter Active Directory Domainのメンバーに参加してみた