I have a network with Windows Server 2003 Active Directory server and Windows 11 computers. My plan is to replace Windows Server 2003 with Fedora Linux Server Edition - fedora 40. I could test it with Windows 11 clients and one Fedora Linux 40 client.
The old realm is SONCANALS. The new realm is SCNG.
I followed guide of the Fedora Magazine.
Configurations
The server IP is
10.216.1.16and domain isscng.educaibServer hostname is
l1.scng.educaibsamba.conf:cat /etc/samba/smb.conf # Global parameters [global] dns forwarder = 1.1.1.1 netbios name = L1 realm = SCNG.EDUCAIB server role = active directory domain controller workgroup = SCNG idmap_ldb:use rfc2307 = yes ldap server require strong auth = no [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/scng/scripts read only = NoKerberos config:
# cat /etc/krb5.conf.d/samba-dc [libdefaults] default_realm = SCNG.EDUCAIB dns_lookup_realm = false dns_lookup_kdc = true [realms] SCNG.EDUCAIB = { default_domain = SCNG } [domain_realm] l1.scng.educaib = SCNG.EDUCAIB/etc/systemd/resolved.conf.d/custom.conf:[Resolve] DNSStubListener=no Domains=scng.educaib DNS=10.216.1.16
I have one machine with Fedora 40 which I use to test samba. When I test all is fine (section "Testing" in tutorial guide). When I run realm discover, I get only old realm, not the new one:
realm discover -v
* Resolving: _ldap._tcp.soncanals
* Performing LDAP DSE lookup on: 10.216.1.2
* Performing LDAP DSE lookup on: 10.216.1.10
* Performing LDAP DSE lookup on: 10.216.1.4
* Successfully discovered: soncanals
soncanals
type: kerberos
realm-name: SONCANALS
domain-name: soncanals
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-common
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd-ad
required-package: adcli
required-package: samba-common-tools
In Windows, when I try to join to SCNG, I am prompted for administrator logon, but when I put credentials it takes too long and it leaves dialog.
How can I triage the problem here? For example, which logs can I see (I have a lot in /var/log/samba/). My samba version i 4.20.5.
My priority is to join new domain and login to Windows as regular user in this domain. I discard for the moment sharing directories.
Edit (2024-11-11): The tests in Fedora Magazine guide are passed OK:
Testing
Connectivity test
$ smbclient -L localhost -N
Anonymous login successful
Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service (Samba 4.21.1)
SMB1 disabled -- no workgroup available
$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Password for [SCNG\Administrator]:
. D 0 Thu Oct 31 10:17:05 2024
.. D 0 Thu Oct 31 10:17:05 2024
15663104 blocks of size 1024. 12979380 blocks available
DNS Test
$ host -t SRV _ldap._tcp.scng.educaib.
_ldap._tcp.scng.educaib has SRV record 0 100 389 l1.scng.educaib.
$ host -t SRV _kerberos._udp.scng.educaib.
_kerberos._udp.scng.educaib has SRV record 0 100 88 l1.scng.educaib.
$ host -t A l1.scng.educaib.
l1.scng.educaib has address 10.216.1.16
Kerberos test
$ kinit administrator
Password for [email protected]:
ladmin@l1:~$ klist
Ticket cache: KCM:1000
Default principal: [email protected]
Valid starting Expires Service principal
11/11/24 10:15:10 11/11/24 20:15:10 krbtgt/[email protected]
renew until 18/11/24 10:15:06