active directory and login from windows 10 to slowly

Issues related to configuring your network
nharmando
Posts: 5
Joined: 2017/11/10 23:48:29

active directory and login from windows 10 to slowly

Postby nharmando » 2017/11/16 02:37:22

Hello friends,

I have an Active Directory domain running on Samba 4 + BIND 9 + Kerberos, with Windows 10 clients. Joining a Windows 10 client to the domain was already difficult: it took about 5 minutes for the client to find my server. Now that the client is joined, logging in from it is too slow: I do get into my session, but it takes about 5 minutes, and I don't know why.


Could you help me with this please? I don't know what to do

My configuration is the following:


cat /etc/resolv.conf
# Generated by NetworkManager
# NOTE(review): this file is rewritten by NetworkManager, so any change to the
# resolver list has to be made in the interface configuration, not here.
# NOTE(review): ".local" is reserved for multicast DNS (RFC 6762); hosts that
# try mDNS for this suffix before unicast DNS can see lookup delays. Whether
# that contributes to the slow logon is not shown on this page - confirm.
search home.local
nameserver 192.168.102.10
# NOTE(review): 8.8.8.8 is a public resolver and cannot answer for home.local.
# If the resolver falls back to it, internal AD names are sent off-network and
# come back NXDOMAIN. A domain controller normally lists only resolvers that
# hold the AD zone; outside lookups can go through "forwarders" in BIND.
nameserver 8.8.8.8
# NOTE(review): link-local IPv6 resolver, presumably learned from router
# advertisements (IPV6_AUTOCONF / IPV6_PEERDNS are "yes" in ifcfg-eth0).
# Same concern as 8.8.8.8: confirm it can resolve the AD zone, or drop it.
nameserver fe80::1%eth0




cat /etc/hostname
resources.home.local



cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# NOTE(review): the first name after the address is the canonical one, so this
# address maps to the short name "resources" before the FQDN. Samba's AD DC
# setup guidance lists the FQDN first, and Kerberos is sensitive to the host
# name the server reports - confirm what `hostname -f` returns.
192.168.102.10  resources       resources.home.local



cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
# NOTE(review): IPv6 is enabled with autoconfiguration and peer-supplied DNS
# and routes accepted, so the host takes these settings from whatever router
# advertisements arrive on the segment. Presumably this is the source of the
# fe80::1%eth0 resolver in /etc/resolv.conf - confirm, and decide whether a
# domain controller should accept them or use static IPv6 settings.
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=7907add5-d21f-46a1-a827-74330b584621
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.102.10
PREFIX=24
GATEWAY=192.168.102.133
# DNS1 is this host's own address (same as IPADDR), i.e. the local BIND.
DNS1=192.168.102.10
# NOTE(review): a public resolver as secondary DNS on a domain controller
# cannot answer for home.local; when it is consulted, internal names leave the
# network and the lookup fails. Presumably this is where the 8.8.8.8 entry in
# /etc/resolv.conf comes from - confirm.
DNS2=8.8.8.8
# NOTE(review): firewalld zone for this interface. The AD services this host
# offers (DNS, Kerberos, LDAP, SMB, RPC) need to be allowed in the zone, and
# nothing beyond them; `firewall-cmd --zone=public --list-all` shows what is
# open. A successful logon does not prove every needed port is reachable: a
# blocked port that the client retries until it times out would also look
# like a slow logon.
ZONE=public




cat /var/lib/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = RESOURCES
        realm = HOME.LOCAL
        server role = active directory domain controller
        # NOTE(review): "dns" is absent from this list while "dnsupdate" is
        # present, which matches a setup where BIND (via the DLZ module
        # included from named.conf) answers DNS and Samba only pushes record
        # updates. AD clients locate the DC through SRV records in that zone,
        # so DNS health is the first thing to check for slow join/logon.
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = HOME
        idmap_ldb:use rfc2307 = yes

# NOTE(review): netlogon and sysvol are both writable at the share level, so
# effective access is decided by the ACLs on these paths. The shares hold the
# group policy and logon scripts that domain clients process, which makes
# those ACLs security-relevant; `samba-tool ntacl sysvolcheck` reports
# deviations from the expected ACLs.
[netlogon]
        path = /var/lib/samba/var/locks/sysvol/home.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/var/locks/sysvol
        read only = No




cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 192.168.102.0/24; };
        // NOTE(review): IPv6 listening is loopback-only, while the host
        // accepts IPv6 autoconfiguration (ifcfg-eth0). Clients that reach
        // this server over IPv6 would get no DNS answer on that path -
        // confirm whether clients hold an IPv6 address for the DC.
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Queries are accepted from localhost and the 192.168.102.0/24 LAN.
        // NOTE(review): no allow-recursion is set, so recursion access
        // appears to follow this list; stating allow-recursion explicitly
        // would make the intended scope visible.
        allow-query     { localhost; 192.168.102.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        // NOTE(review): no tkey-gssapi-keytab statement is visible in this
        // options block. Samba's BIND9_DLZ setup uses it to point named at
        // the dns.keytab in Samba's private directory so that clients'
        // Kerberos-signed (GSS-TSIG) dynamic DNS updates are accepted.
        // Without it, confirm how Windows clients register their records.
        // That keytab should be readable by the named user only.
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// NOTE(review): this include pulls in Samba's DLZ configuration, which makes
// named load a shared object into its own process. The included file and the
// module it names should be writable by root only.
include "/var/lib/samba/private/named.conf";
[root@resources ~]#



[root@resources ~]# cat /var/lib/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
# NOTE(review): named loads the shared object selected below into its own
# process, so the module has to match the installed BIND version (check with
# `named -v`) and should be owned by root and not writable by other users.
# The active line selects the 9.9.x module.
# NOTE(review): the module path is under /usr/local/samba, while the other
# Samba paths on this page are under /var/lib/samba - confirm the file exists
# at this path and belongs to the same Samba build that is running.
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";

    # For BIND 9.9.x
     database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";

    # For BIND 9.11.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
};


I don't think this is a firewall issue, because I can log in from my Windows 10 client; it is just really slow.

sidusnare
Posts: 10
Joined: 2017/11/15 18:19:49

Re: active directory and login from windows 10 to slowly

Postby sidusnare » 2017/11/17 21:03:16

I had this same trouble, and I am sorry to report I do not know how to fix it.
My solution, in the end, was to use FreeIPA and pGina.

nharmando
Posts: 5
Joined: 2017/11/10 23:48:29

Re: active directory and login from windows 10 to slowly

Postby nharmando » 2017/11/17 21:08:14

Thank you for your response,

To be honest, I don't know what the issue is.

But I've tried with opensuse leap and it works fine!!

tunk
Posts: 209
Joined: 2017/02/22 15:08:17

Re: active directory and login from windows 10 to slowly

Postby tunk » 2017/11/17 23:45:52

A long, long time ago I had a similar problem: something was taking around 3 minutes. I don't remember what it was, but it wasn't AD. I think it was "fixed" by disabling IPv6.