[root@f35 ~]# kinit administrator
Password for administrator@TEST.JP:
[root@f35 ~]# net ads join -U administrator
Password for [TEST\administrator]:
Using short domain name -- TEST
Joined 'F35' to dns domain 'test.jp'
No DNS domain configured for f35. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
[root@f35 ~]# systemctl restart winbind
[root@f35 ~]# wbinfo -u
TEST\guest
TEST\administrator
TEST\krbtgt
TEST\chibi
[root@f35 ~]# wbinfo -n chibi
S-1-5-21-1012771763-839831778-3776763773-1104 SID_USER (1)
[root@f35 ~]# net ads info
LDAP server: 0.0.0.0
LDAP server name: (null)
Realm: (null)
Bind Path: (null)
LDAP port: 0
Server time: 水, 08 9月 2021 08:05:02 JST
KDC server: 192.168.1.82
Server time offset: 1
Last machine account password change: 木, 01 1月 1970 09:00:00 JST
[root@f35 ~]# host -4 dc
dc.test.jp has address 192.168.1.68
dc.test.jp has address 192.168.1.35
dc.test.jp has IPv6 address 2400:4052:46e0:b700:ecf3:c228:e4ef:72f
dc.test.jp has IPv6 address 2400:4052:46e0:b700:533:e143:1791:c22e
[root@f35 ~]# host -4 dc1
dc1.test.jp has address 192.168.1.81
dc1.test.jp has IPv6 address 2400:4052:46e0:b700:19a8:18e2:aaf1:3f42
[root@f35 ~]# host -4 dc2
dc2.test.jp has address 192.168.1.82
dc2.test.jp has IPv6 address 2400:4052:46e0:b700:8134:3c75:f74d:e812
[root@f35 ~]# host -t SRV _ldap._tcp.test.jp
_ldap._tcp.test.jp has SRV record 0 100 389 dc2.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc1.test.jp.
_ldap._tcp.test.jp has SRV record 0 100 389 dc.test.jp.
[root@f35 ~]# host -t SRV _kerberos._udp.test.jp
_kerberos._udp.test.jp has SRV record 0 100 88 dc1.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc2.test.jp.
_kerberos._udp.test.jp has SRV record 0 100 88 dc.test.jp.
[root@f35 ~]# host -t A test.jp
test.jp has address 192.168.1.35
test.jp has address 192.168.1.68
test.jp has address 192.168.1.81
test.jp has address 192.168.1.82
[root@f35 ~]# cat /etc/redhat-release
Fedora release 35 (Thirty Five)
[root@f35 ~]# samba -V
Version 4.15.0rc4
[root@f35 ~]# smbclient //192.168.1.35/netlogon -Uadministrator
Password for [TEST\administrator]:
Try "help" to get a list of possible commands.
smb: \> ls
  . D 0 Tue Sep 7 17:15:31 2021
  .. D 0 Tue Sep 7 17:26:56 2021
  244007423 blocks of size 4096. 227591563 blocks available
smb: \> exit
[root@f35 ~]# smbclient //192.168.1.35/sysvol -Uadministrator
Password for [TEST\administrator]:
Try "help" to get a list of possible commands.
smb: \> ls
  . D 0 Tue Sep 7 17:15:31 2021
  .. D 0 Tue Sep 7 17:15:31 2021
  test.jp Dr 0 Tue Sep 7 17:15:31 2021
  244007423 blocks of size 4096. 227591526 blocks available
smb: \> exit
[root@f35 ~]# net ads lookup
Information for Domain Controller: 192.168.1.82
Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: 5abd7110-3b10-4b5e-bcde-88ac28bcdf1a
Flags:
    Is a PDC: no
    Is a GC of the forest: yes
    Is an LDAP server: yes
    Supports DS: yes
    Is running a KDC: yes
    Is running time services: yes
    Is the closest DC: yes
    Is writable: yes
    Has a hardware clock: no
    Is a non-domain NC serviced by LDAP server: no
    Is NT6 DC that has some secrets: no
    Is NT6 DC that has all secrets: yes
    Runs Active Directory Web Services: yes
    Runs on Windows 2012 or later: yes
Forest: test.jp
Domain: test.jp
Domain Controller: dc2.test.jp
Pre-Win2k Domain: TEST
Pre-Win2k Hostname: DC2
Server Site Name: Default-First-Site-Name
Client Site Name: Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
[root@f35 ~]# dig test.jp
; <<>> DiG 9.16.20-RH <<>> test.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;test.jp. IN A
;; ANSWER SECTION:
test.jp. 600 IN A 192.168.1.68
test.jp. 600 IN A 192.168.1.35
test.jp. 600 IN A 192.168.1.82
test.jp. 600 IN A 192.168.1.81
;; Query time: 2 msec
;; SERVER: 192.168.1.35#53(192.168.1.35)
;; WHEN: Wed Sep 08 08:07:39 JST 2021
;; MSG SIZE rcvd: 100
[root@f35 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@TEST.JP
Valid starting       Expires              Service principal
2021-09-08T08:03:52  2021-09-08T18:03:52  krbtgt/TEST.JP@TEST.JP
    renew until 2021-09-09T08:03:46
[root@f35 ~]# wbinfo -t
checking the trust secret for domain TEST via RPC calls succeeded
[root@f35 ~]# wbinfo -g
TEST\domain computers
TEST\cert publishers
TEST\domain users
TEST\domain guests
TEST\ras and ias servers
TEST\allowed rodc password replication group
TEST\enterprise read-only domain controllers
TEST\cloneable domain controllers
TEST\protected users
TEST\enterprise key admins
TEST\key admins
TEST\read-only domain controllers
TEST\domain controllers
TEST\schema admins
TEST\denied rodc password replication group
TEST\domain admins
TEST\enterprise admins
TEST\group policy creator owners
TEST\dnsadmins
TEST\dnsupdateproxy
[root@f35 ~]#