I have an Active Directory domain running on Samba4 + bind9 + Kerberos, with Windows 10 clients. At first it was a little difficult to join a Windows 10 client to the AD: it took about 5 minutes for the client to find my server. Now that it is joined, logging in on the Windows 10 client is very slow: I do get into my session, but it takes about 5 minutes, and I don't know why.
Could you help me with this please? I don't know what to do
My configuration is the following:
cat /etc/resolv.conf
# Generated by NetworkManager
search home.local
# The first resolver is this host's own address (IPADDR in ifcfg-eth0), i.e. the
# BIND instance that serves the AD zone through the Samba DLZ module.
nameserver 192.168.102.10
# NOTE(review): a public resolver has no knowledge of home.local or its
# _ldap/_kerberos SRV records. Whenever the first server is slow or not yet up,
# lookups fall through to it, internal names are sent off-site, and the negative
# answers make domain lookups fail or stall. On an AD DC the usual setup is to
# list only the AD DNS server here and reach the Internet through BIND.
nameserver 8.8.8.8
# NOTE(review): link-local resolver, presumably learned from the router because
# IPV6_PEERDNS=yes in ifcfg-eth0; confirm it is a DNS server you control.
nameserver fe80::1%eth0
cat /etc/hostname
resources.home.local
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# NOTE(review): hosts(5) takes the first name after the address as the canonical
# name and the rest as aliases. Here the short name comes first, so a lookup of
# 192.168.102.10 may return "resources" instead of the FQDN that Kerberos
# principals are built from. The usual order on a DC is FQDN first, short name
# second; check what `hostname -f` prints on this host.
192.168.102.10 resources resources.home.local
# Static network configuration of the domain controller's eth0 interface.
# As pasted, the `cat` command and the first line of the file (TYPE=Ethernet)
# are fused on the next line.
cat /etc/sysconfig/network-scripts/ifcfg-eth0TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
# NOTE(review): PEERDNS / IPV6_PEERDNS let resolvers announced by the network be
# written into /etc/resolv.conf; that is presumably where the fe80::1%eth0 entry
# comes from. On a DC the resolver list should be fixed and under your control.
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=7907add5-d21f-46a1-a827-74330b584621
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.102.10
PREFIX=24
GATEWAY=192.168.102.133
# DNS1 is this host itself (same address as IPADDR).
DNS1=192.168.102.10
# NOTE(review): DNS2 is the source of the "nameserver 8.8.8.8" line in
# /etc/resolv.conf. A public resolver cannot answer for the AD zone and receives
# internal names whenever the first server does not respond in time.
DNS2=8.8.8.8
# NOTE(review): firewalld zone for this interface. Confirm that the zone permits
# the DC services the Windows clients need (DNS, Kerberos, LDAP, SMB, RPC) and
# nothing beyond them; blocked ports show up as long timeouts during join/logon.
ZONE=public
cat /var/lib/samba/etc/smb.conf
# Global parameters
[global]
netbios name = RESOURCES
realm = HOME.LOCAL
server role = active directory domain controller
# NOTE(review): the internal "dns" service is absent from this list, which is
# consistent with BIND serving the AD zone through the DLZ include in named.conf.
# "dnsupdate" is still listed; it presumably depends on BIND accepting
# Kerberos-signed dynamic updates, so check the BIND side for the GSS-TSIG keytab.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = HOME
idmap_ldb:use rfc2307 = yes
# NOTE(review): both shares are writable at share level ("read only = No"), so
# who may change logon scripts and group policy is decided by the ACLs on these
# directories alone. Verify them, e.g. with `samba-tool ntacl sysvolcheck`.
[netlogon]
path = /var/lib/samba/var/locks/sysvol/home.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/var/locks/sysvol
read only = No
cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
// Serve DNS on loopback and on local addresses inside 192.168.102.0/24.
listen-on port 53 { 127.0.0.1; 192.168.102.0/24; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Queries are accepted only from this host and the LAN, which also bounds who
// can use the recursion enabled below.
allow-query { localhost; 192.168.102.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// NOTE(review): recursion is on and no "forwarders" statement is visible, so
// external names are resolved from the root hints. With this in place the
// clients and the DC itself do not need a public resolver as a second server.
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
// NOTE(review): no "tkey-gssapi-keytab" option is set in this block. Samba's
// BIND9_DLZ setup normally points it at the dns.keytab in Samba's private
// directory (presumably /var/lib/samba/private/dns.keytab here - confirm).
// Without it BIND cannot verify Kerberos-signed (GSS-TSIG) dynamic updates, so
// Windows clients and the DC cannot securely register their records.
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// Pulls in the Samba-generated DLZ stanza that serves the AD zone from the
// directory database.
include "/var/lib/samba/private/named.conf";
[root@resources ~]#
[root@resources ~]# cat /var/lib/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
# NOTE(review): exactly one "database" line is active below, the 9.9.x module.
# It has to match the BIND version actually installed (`named -v`); a mismatched
# module leaves the AD zone unserved.
# NOTE(review): the module path is under /usr/local/samba, while smb.conf and
# this file live under /var/lib/samba. Confirm the .so exists at that path, and
# that it is root-owned and not writable by others, because named loads it into
# its own process.
dlz "AD DNS Zone" {
# For BIND 9.8.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
# For BIND 9.9.x
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
# For BIND 9.10.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";
# For BIND 9.11.x
# database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
};