root@debian:~# kinit administrator
Password for administrator@TEST.JP:
root@debian:~# net ads join -U administrator
Enter administrator's password:
Using short domain name -- TEST
Joined 'DEBIAN' to dns domain 'test.jp'
No DNS domain configured for debian. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
root@debian:~# systemctl restart winbind
root@debian:~# wbinfo -u
TEST\administrator
TEST\guest
TEST\krbtgt
TEST\chibi
root@debian:~# wbinfo -n chibi
S-1-5-21-995094434-2370853644-3769685270-1103 SID_USER (1)
root@debian:~# net ads info
LDAP server: 192.168.1.28
LDAP server name: dc.test.jp
Realm: TEST.JP
Bind Path: dc=TEST,dc=JP
LDAP port: 389
Server time: 木, 07  1月 2021 16:08:49 JST
KDC server: 192.168.1.28
Server time offset: -7
Last machine account password change: 木, 07  1月 2021 16:07:59 JST
root@debian:~# host -4 dc
dc.test.jp has address 192.168.1.28
dc.test.jp has address 192.168.1.22
dc.test.jp has IPv6 address 2400:4052:46e0:b700:b462:ad0e:dd8c:96f4
dc.test.jp has IPv6 address 2400:4052:46e0:b700:15dc:bd6:5817:24fc
root@debian:~# host -4 dc1
dc1.test.jp has address 192.168.1.25
dc1.test.jp has IPv6 address 2400:4052:46e0:b700:c0ac:f44c:e63:2b0
root@debian:~# host -4 dc2
dc2.test.jp has address 192.168.1.27
dc2.test.jp has IPv6 address 2400:4052:46e0:b700:250f:3df1:1c43:8fcd
root@debian:~# host -t SRV _ldap._tcp.test.jp
_ldap._tcp.test.jp has SRV record 0 100 389 dc2.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc1.test.jp.
root@debian:~# host -t SRV _kerberos._udp.test.jp
_kerberos._udp.test.jp has SRV record 0 100 88 dc1.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc2.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc.test.jp.
root@debian:~# host -t A test.jp
test.jp has address 192.168.1.22
test.jp has address 192.168.1.27
test.jp has address 192.168.1.28
test.jp has address 192.168.1.25
root@debian:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux bullseye/sid"
NAME="Debian GNU/Linux"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@debian:~# samba -V
Version 4.13.2-Debian
root@debian:~# smbclient //192.168.1.22/netlogon -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sun Jan  3 10:57:47 2021
  ..                                  D        0  Sun Jan  3 10:57:47 2021

                124869119 blocks of size 4096. 106612835 blocks available
smb: \> exit
root@debian:~# smbclient //192.168.1.22/sysvol -Uadministrator
Enter TEST\administrator's password:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sun Jan  3 10:57:47 2021
  ..                                  D        0  Sun Jan  3 10:57:47 2021
  test.jp                            Dr        0  Sun Jan  3 10:57:47 2021

                124869119 blocks of size 4096. 106612835 blocks available
smb: \> exit
root@debian:~# net ads lookup
Information for Domain Controller: 192.168.1.28

Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: c8e0ec6a-8685-4987-934d-94b20f0e089e
Flags:
        Is a PDC:                                   yes
        Is a GC of the forest:                      yes
        Is an LDAP server:                          yes
        Supports DS:                                yes
        Is running a KDC:                           yes
        Is running time services:                   yes
        Is the closest DC:                          yes
        Is writable:                                yes
        Has a hardware clock:                       yes
        Is a non-domain NC serviced by LDAP server: no
        Is NT6 DC that has some secrets:            no
        Is NT6 DC that has all secrets:             yes
        Runs Active Directory Web Services:         yes
        Runs on Windows 2012 or later:              yes
Forest: test.jp
Domain: test.jp
Domain Controller: dc.test.jp
Pre-Win2k Domain: TEST
Pre-Win2k Hostname: DC
Server Site Name: Default-First-Site-Name
Client Site Name: Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
root@debian:~# dig test.jp

; <<>> DiG 9.16.8-Debian <<>> test.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37355
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;test.jp.                       IN      A

;; ANSWER SECTION:
test.jp.                600     IN      A       192.168.1.25
test.jp.                600     IN      A       192.168.1.28
test.jp.                600     IN      A       192.168.1.27
test.jp.                600     IN      A       192.168.1.22

;; Query time: 0 msec
;; SERVER: 192.168.1.22#53(192.168.1.22)
;; WHEN: 木  1月 07 16:12:00 JST 2021
;; MSG SIZE  rcvd: 100

root@debian:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@TEST.JP

Valid starting       Expires              Service principal
2021-01-07T16:07:31  2021-01-08T02:07:31  krbtgt/TEST.JP@TEST.JP
        renew until 2021-01-08T16:07:26
root@debian:~# wbinfo -t
checking the trust secret for domain TEST via RPC calls succeeded
root@debian:~# wbinfo -g
TEST\domain computers
TEST\domain controllers
TEST\schema admins
TEST\enterprise admins
TEST\cert publishers
TEST\domain admins
TEST\domain users
TEST\domain guests
TEST\group policy creator owners
TEST\ras and ias servers
TEST\allowed rodc password replication group
TEST\denied rodc password replication group
TEST\read-only domain controllers
TEST\enterprise read-only domain controllers
TEST\cloneable domain controllers
TEST\protected users
TEST\key admins
TEST\enterprise key admins
TEST\dnsadmins
TEST\dnsupdateproxy
root@debian:~#