Kerberos/Samba 无法加入 Active Directory

当我尝试加入我的域时遇到问题。

我能够成功创建 kerberos 票证。

root@debian:~# kinit [email protected]
Password for [email protected]:
root@debian:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting       Expires              Service principal
26/04/2016 18:20:18  27/04/2016 04:20:18  krbtgt/[email protected]
        renew until 27/04/2016 18:20:11

当我尝试加入域时：

    root@debian:~# net ads join -k 
Failed to join domain: failed to lookup
    DC info for domain 'ASP.DOMAIN' over rpc: {Device Timeout} The
    specified I/O operation on %hs was not completed before the time-out period expired.

我的 krb5.conf 是：

[libdefaults]
        default_realm = ASP.DOMAIN

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[realms]
        ASP.DOMAIN = {
                kdc = asp.domain
                admin_server = server.domain
                default_domain = DOMAIN
        }

[domain_realm]
        .asp.domain = ASP.DOMAIN
        asp.domain = ASP.DOMAIN

我的 smb.conf ：

[global]
        security = ADS
        realm = ASP.DOMAIN
        password server = server.domain
        workgroup = asp.domain
        winbind separator = /
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        winbind use default domain = yes
        domain master = no
        local master = no
        preferred master = no
        os level = 0

我不知道：我的防火墙上没有任何下降。票没问题。我已经尝试过 3 个域控制器。

PS：域是一个变量

编辑：我也尝试过使用 samba-tool 来做到这一点

root@debian:~# samba-tool domain join ASP.DOMAIN MEMBER -UAdministrateur --real=ASP.DOMAIN
ERROR(runtime): uncaught exception - Connection to SAMR pipe of PDC for ASP.DOMAIN failed: Connection to DC failed: NT_STATUS_IO_TIMEOUT
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 606, in run
    machinepass=machinepass)

编辑2：加入可以吗？但是 wbinfo -u 不行

root@debian:~# net ads join -U Administrateur
Enter Administrateur's password:
Using short domain name -- DOMAIN
Joined 'ASP.DOMAIN' to dns domain 'asp.domain'
DNS Update for asp.kapia failed: ERROR_DNS_GSS_ERROR
DNS update failed: NT_STATUS_UNSUCCESSFUL
root@debian:~# net ads testjoin
Join is OK

root@debian:~# wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users

编辑3：

编辑4：

root@debian:~# service winbind status
● winbind.service - LSB: start Winbind daemon
   Loaded: loaded (/etc/init.d/winbind)
   Active: active (exited) since mer. 2016-04-27 16:16:00 CEST; 55s ago
  Process: 2222 ExecStart=/etc/init.d/winbind start (code=exited, status=0/SUCCESS)

avril 27 16:16:00 debian winbindd[2233]: #5 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0xcd) [0x7fbc2b11e1cd]
avril 27 16:16:00 debian winbindd[2233]: #6 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x91ca) [0x7fbc2b11f1ca]
avril 27 16:16:00 debian winbindd[2233]: #7 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x78e7) [0x7fbc2b11d8e7]
avril 27 16:16:00 debian winbindd[2233]: #8 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fbc2b11a12d]
avril 27 16:16:00 debian winbindd[2233]: #9 /usr/sbin/winbindd(main+0xb7c) [0x7fbc325cbc8c]
avril 27 16:16:00 debian winbindd[2233]: #10 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fbc2a92db45]
avril 27 16:16:00 debian winbindd[2233]: #11 /usr/sbin/winbindd(+0x25318) [0x7fbc325cc318]
avril 27 16:16:00 debian winbindd[2233]: [2016/04/27 16:16:00.971185,  0] ../source3/lib/dumpcore.c:318(dump_core)
avril 27 16:16:00 debian winbindd[2233]: dumping core in /var/log/samba/cores/winbindd
avril 27 16:16:00 debian winbindd[2233]: