root@debian:~# kinit administrator Password for administrator@TEST.JP: root@debian:~# net ads join -U administrator Enter administrator's password: Using short domain name -- TEST Joined 'DEBIAN' to dns domain 'test.jp' No DNS domain configured for debian. Unable to perform DNS Update. DNS update failed: NT_STATUS_INVALID_PARAMETER root@debian:~# systemctl restart winbind root@debian:~# wbinfo -u TEST\administrator TEST\guest TEST\krbtgt TEST\chibi root@debian:~# wbinfo -n chibi S-1-5-21-995094434-2370853644-3769685270-1103 SID_USER (1) root@debian:~# net ads info LDAP server: 192.168.1.28 LDAP server name: dc.test.jp Realm: TEST.JP Bind Path: dc=TEST,dc=JP LDAP port: 389 Server time: 木, 07 1月 2021 16:08:49 JST KDC server: 192.168.1.28 Server time offset: -7 Last machine account password change: 木, 07 1月 2021 16:07:59 JST root@debian:~# host -4 dc dc.test.jp has address 192.168.1.28 dc.test.jp has address 192.168.1.22 dc.test.jp has IPv6 address 2400:4052:46e0:b700:b462:ad0e:dd8c:96f4 dc.test.jp has IPv6 address 2400:4052:46e0:b700:15dc:bd6:5817:24fc root@debian:~# host -4 dc1 dc1.test.jp has address 192.168.1.25 dc1.test.jp has IPv6 address 2400:4052:46e0:b700:c0ac:f44c:e63:2b0 root@debian:~# host -4 dc2 dc2.test.jp has address 192.168.1.27 dc2.test.jp has IPv6 address 2400:4052:46e0:b700:250f:3df1:1c43:8fcd root@debian:~# host -t SRV _ldap._tcp.test.jp _ldap._tcp.test.jp has SRV record 0 100 389 dc2.test.jp. _ldap._tcp.test.jp has SRV record 0 100 389 dc.test.jp. _ldap._tcp.test.jp has SRV record 0 100 389 dc1.test.jp. root@debian:~# host -t SRV _kerberos._udp.test.jp _kerberos._udp.test.jp has SRV record 0 100 88 dc1.test.jp. _kerberos._udp.test.jp has SRV record 0 100 88 dc2.test.jp. _kerberos._udp.test.jp has SRV record 0 100 88 dc.test.jp. root@debian:~# host -t A test.jp test.jp has address 192.168.1.22 test.jp has address 192.168.1.27 test.jp has address 192.168.1.28 test.jp has address 192.168.1.25 root@debian:~# cat /etc/os-release PRETTY_NAME="Debian GNU/Linux bullseye/sid" NAME="Debian GNU/Linux" ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" root@debian:~# samba -V Version 4.13.2-Debian root@debian:~# smbclient //192.168.1.22/netlogon -Uadministrator Enter TEST\administrator's password: Try "help" to get a list of possible commands. smb: \> ls . D 0 Sun Jan 3 10:57:47 2021 .. D 0 Sun Jan 3 10:57:47 2021 124869119 blocks of size 4096. 106612835 blocks available smb: \> exit root@debian:~# smbclient //192.168.1.22/sysvol -Uadministrator Enter TEST\administrator's password: Try "help" to get a list of possible commands. smb: \> ls . D 0 Sun Jan 3 10:57:47 2021 .. D 0 Sun Jan 3 10:57:47 2021 test.jp Dr 0 Sun Jan 3 10:57:47 2021 124869119 blocks of size 4096. 106612835 blocks available smb: \> exit root@debian:~# net ads lookup Information for Domain Controller: 192.168.1.28 Response Type: LOGON_SAM_LOGON_RESPONSE_EX GUID: c8e0ec6a-8685-4987-934d-94b20f0e089e Flags: Is a PDC: yes Is a GC of the forest: yes Is an LDAP server: yes Supports DS: yes Is running a KDC: yes Is running time services: yes Is the closest DC: yes Is writable: yes Has a hardware clock: yes Is a non-domain NC serviced by LDAP server: no Is NT6 DC that has some secrets: no Is NT6 DC that has all secrets: yes Runs Active Directory Web Services: yes Runs on Windows 2012 or later: yes Forest: test.jp Domain: test.jp Domain Controller: dc.test.jp Pre-Win2k Domain: TEST Pre-Win2k Hostname: DC Server Site Name: Default-First-Site-Name Client Site Name: Default-First-Site-Name NT Version: 5 LMNT Token: ffff LM20 Token: ffff root@debian:~# dig test.jp ; <<>> DiG 9.16.8-Debian <<>> test.jp ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37355 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;test.jp. IN A ;; ANSWER SECTION: test.jp. 600 IN A 192.168.1.25 test.jp. 600 IN A 192.168.1.28 test.jp. 600 IN A 192.168.1.27 test.jp. 600 IN A 192.168.1.22 ;; Query time: 0 msec ;; SERVER: 192.168.1.22#53(192.168.1.22) ;; WHEN: 木 1月 07 16:12:00 JST 2021 ;; MSG SIZE rcvd: 100 root@debian:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator@TEST.JP Valid starting Expires Service principal 2021-01-07T16:07:31 2021-01-08T02:07:31 krbtgt/TEST.JP@TEST.JP renew until 2021-01-08T16:07:26 root@debian:~# wbinfo -t checking the trust secret for domain TEST via RPC calls succeeded root@debian:~# wbinfo -g TEST\domain computers TEST\domain controllers TEST\schema admins TEST\enterprise admins TEST\cert publishers TEST\domain admins TEST\domain users TEST\domain guests TEST\group policy creator owners TEST\ras and ias servers TEST\allowed rodc password replication group TEST\denied rodc password replication group TEST\read-only domain controllers TEST\enterprise read-only domain controllers TEST\cloneable domain controllers TEST\protected users TEST\key admins TEST\enterprise key admins TEST\dnsadmins TEST\dnsupdateproxy root@debian:~#