active directory and login from windows 10 to slowly

Issues related to configuring your network
Post by nharmando » 2017/11/16 02:37:22

Hello friends,

I have an Active Directory with Samba4 + bind9 + Kerberos and Windows 10 clients. In the beginning it was a little difficult to add the Windows 10 client to AD; it took about 5 minutes for my client to find my server. In the end, logging in to my Windows 10 client is too slow: I get into my session, but it takes about 5 minutes and I don't know why.

Could you help me with this, please? I don't know what to do.

My configuration is the following:

Code: Select all

cat /etc/resolv.conf 
# Generated by NetworkManager
search home.local
nameserver fe80::1%eth0

Code: Select all

cat /etc/hostname 

Code: Select all

cat /etc/hosts
   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6  resources       resources.home.local

Code: Select all

cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet

Code: Select all

cat /var/lib/samba/etc/smb.conf 
# Global parameters
[global]
        netbios name = RESOURCES
        realm = HOME.LOCAL
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = HOME
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/var/locks/sysvol/home.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/var/locks/sysvol
        read only = No

Code: Select all

cat /etc/named.conf 
// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 {;; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost;; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/private/named.conf";
[root@resources ~]#

Code: Select all

[root@resources ~]# cat /var/lib/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
# This file should be included in your main BIND configuration file
# For example with
# include "/var/lib/samba/private/named.conf";

# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/local/samba/lib/bind9/";

    # For BIND 9.9.x
     database "dlopen /usr/local/samba/lib/bind9/";

    # For BIND 9.10.x
    # database "dlopen /usr/local/samba/lib/bind9/";

    # For BIND 9.11.x
    # database "dlopen /usr/local/samba/lib/bind9/";
};

I don't think that it is a firewall issue, because I can log in on my Windows 10 client, but it's really slow.

Re: active directory and login from windows 10 to slowly

Post by sidusnare » 2017/11/17 21:03:16

I had this same trouble, and I am sorry to report I do not know how to fix it.
My solution, in the end, was to use FreeIPA and pGina.

Re: active directory and login from windows 10 to slowly

Post by nharmando » 2017/11/17 21:08:14

Thank you for your response,

To be honest, I don't know what the issue is.

But I've tried with openSUSE Leap and it works fine!!

Re: active directory and login from windows 10 to slowly

Post by tunk » 2017/11/17 23:45:52

A long, long time ago I had a similar problem, something taking around 3 minutes. I don't remember what it was, but it wasn't AD. I think it was "fixed" by disabling IPv6.