Как создать правильно сертификат LDAPS SAMBA DC?

Донастраивал до такой ошибки. В какую сторону дальше копать?

spoiler

[root@dc1 ~]# kinit administrator@site1.RU
Password for administrator@site1.RU: 

[root@dc1 ~]# ldapsearch -d 1 -H ldaps://dc1.site1.ru:636
ldap_url_parse_ext(ldaps://dc1.site1.ru:636)
ldap_create
ldap_url_parse_ext(ldaps://dc1.site1.ru:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP dc1.site1.ru:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying fe8e 636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect success
TLS trace: SSL_connect:before SSL initialization
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS trace: SSL_connect:TLSv1.3 read encrypted extensions
TLS trace: SSL_connect:SSLv3/TLS read server certificate request
TLS certificate verification: depth: 1, err: 0, subject: /C=RU/ST=City/L=City obl./O=site1/OU=IT/CN=DC1.site1.RU/emailAddress=admin@site1.ru, issuer: /C=RU/ST=City/L=City obl./O=site1/OU=IT/CN=DC1.site1.RU/emailAddress=admin@site1.ru
TLS certificate verification: depth: 0, err: 0, subject: /C=RU/ST=City/L=City obl./O=kgu/OU=oktit/CN=DC1.site1.RU/emailAddress=admin@site1.ru, issuer: /C=RU/ST=City/L=City obl./O=site1/OU=IT/CN=DC1.site1.RU/emailAddress=admin@site1.ru
TLS trace: SSL_connect:SSLv3/TLS read server certificate
TLS trace: SSL_connect:TLSv1.3 read server certificate verify
TLS trace: SSL_connect:SSLv3/TLS read finished
TLS trace: SSL_connect:SSLv3/TLS write change cipher spec
TLS trace: SSL_connect:SSLv3/TLS write client certificate
TLS trace: SSL_connect:SSLv3/TLS write finished
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 64 bytes to sd 3
ldap_result ld 0x5576f4ad1360 msgid 1
wait4msg ld 0x5576f4ad1360 msgid 1 (infinite timeout)
wait4msg continue ld 0x5576f4ad1360 msgid 1 all 1
** ld 0x5576f4ad1360 Connections:
* host: dc1.site1.ru  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Wed May 15 07:55:05 2024


** ld 0x5576f4ad1360 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x5576f4ad1360 request count 1 (abandoned 0)
** ld 0x5576f4ad1360 Response Queue:
   Empty
  ld 0x5576f4ad1360 response count 0
ldap_chkResponseList ld 0x5576f4ad1360 msgid 1 all 1
ldap_chkResponseList returns ld 0x5576f4ad1360 NULL
ldap_int_select
read1msg: ld 0x5576f4ad1360 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 64 contents:
read1msg: ld 0x5576f4ad1360 msgid 1 message type search-entry
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x5576f4ad1360 msgid 1 message type search-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x5576f4ad1360 0 new referrals
read1msg:  mark request completed, ld 0x5576f4ad1360 msgid 1
request done: ld 0x5576f4ad1360 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
adding response ld 0x5576f4ad1360 msgid 1 type 101:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_get_values
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt ([v]) ber:
ldap_msgfree
ldap_sasl_interactive_bind: server supports: GSS-SPNEGO GSSAPI NTLM
ldap_int_sasl_bind: GSS-SPNEGO GSSAPI NTLM
ldap_int_sasl_open: host=dc1.site1.ru
SASL/GSSAPI authentication started
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 1584 bytes to sd 3
ldap_msgfree
ldap_result ld 0x5576f4ad1360 msgid 2
wait4msg ld 0x5576f4ad1360 msgid 2 (infinite timeout)
wait4msg continue ld 0x5576f4ad1360 msgid 2 all 1
** ld 0x5576f4ad1360 Connections:
* host: dc1.site1.ru  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Wed May 15 07:55:05 2024


** ld 0x5576f4ad1360 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x5576f4ad1360 request count 1 (abandoned 0)
** ld 0x5576f4ad1360 Response Queue:
   Empty
  ld 0x5576f4ad1360 response count 0
ldap_chkResponseList ld 0x5576f4ad1360 msgid 2 all 1
ldap_chkResponseList returns ld 0x5576f4ad1360 NULL
ldap_int_select
read1msg: ld 0x5576f4ad1360 msgid 2 all 1
ber_get_next
ber_get_next: tag 0x30 len 172 contents:
read1msg: ld 0x5576f4ad1360 msgid 2 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x5576f4ad1360 0 new referrals
read1msg:  mark request completed, ld 0x5576f4ad1360 msgid 2
request done: ld 0x5576f4ad1360 msgid 2
res_errno: 14, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
sasl_client_step: 1
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 22 bytes to sd 3
ldap_msgfree
ldap_result ld 0x5576f4ad1360 msgid 3
wait4msg ld 0x5576f4ad1360 msgid 3 (infinite timeout)
wait4msg continue ld 0x5576f4ad1360 msgid 3 all 1
** ld 0x5576f4ad1360 Connections:
* host: dc1.site1.ru  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Wed May 15 07:55:05 2024


** ld 0x5576f4ad1360 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x5576f4ad1360 request count 1 (abandoned 0)
** ld 0x5576f4ad1360 Response Queue:
   Empty
  ld 0x5576f4ad1360 response count 0
ldap_chkResponseList ld 0x5576f4ad1360 msgid 3 all 1
ldap_chkResponseList returns ld 0x5576f4ad1360 NULL
ldap_int_select
read1msg: ld 0x5576f4ad1360 msgid 3 all 1
ber_get_next
ber_get_next: tag 0x30 len 46 contents:
read1msg: ld 0x5576f4ad1360 msgid 3 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x5576f4ad1360 0 new referrals
read1msg:  mark request completed, ld 0x5576f4ad1360 msgid 3
request done: ld 0x5576f4ad1360 msgid 3
res_errno: 14, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
sasl_client_step: 0
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 56 bytes to sd 3
ldap_msgfree
ldap_result ld 0x5576f4ad1360 msgid 4
wait4msg ld 0x5576f4ad1360 msgid 4 (infinite timeout)
wait4msg continue ld 0x5576f4ad1360 msgid 4 all 1
** ld 0x5576f4ad1360 Connections:
* host: dc1.site1.ru  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Wed May 15 07:55:05 2024


** ld 0x5576f4ad1360 Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x5576f4ad1360 request count 1 (abandoned 0)
** ld 0x5576f4ad1360 Response Queue:
   Empty
  ld 0x5576f4ad1360 response count 0
ldap_chkResponseList ld 0x5576f4ad1360 msgid 4 all 1
ldap_chkResponseList returns ld 0x5576f4ad1360 NULL
ldap_int_select
read1msg: ld 0x5576f4ad1360 msgid 4 all 1
ber_get_next
ber_get_next: tag 0x30 len 72 contents:
read1msg: ld 0x5576f4ad1360 msgid 4 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x5576f4ad1360 0 new referrals
read1msg:  mark request completed, ld 0x5576f4ad1360 msgid 4
request done: ld 0x5576f4ad1360 msgid 4
res_errno: 53, res_error: <SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_int_sasl_bind: rc=53 len=0
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Server is unwilling to perform (53)
        additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
[root@dc1 ~]#

Установил корневой сертификат на Windows 10. Пробую подключиться через NetTools, Выдает такое сообщение:

spoiler

Verifying the Certificate Chain
Building certificate chain
 Certificate chain count: 1
 Certificate Chain 0
  Element Count: 2
  Display Certificate
  CertContext [0][0]
  Subject Name: DC1.site1.RU
  SAN: DC1.site1.RU
  Not Before: 15.05.2024 2:44:25
  Not Before: 22.01.2038 2:44:25
  Cert Expires in 4999 days
   Certificate has Errors: 0x40
ERR: 0x40 - The revocation status of the certificate or one of the certificates in the certificate chain is unknown
   Certificate Status: 0x104
     0x4 - A name match issuer certificate has been found for this certificate
     0x100 - The certificate or chain has a preferred issuer.
  ERR: Revocation check: Failed, Error: 0x80092012
   No function available to perform revocation check
  CertContext [0][1]
  Subject Name: DC1.site1.RU
  SAN: DC1.site1.RU
  Not Before: 15.05.2024 2:42:33
  Not Before: 01.10.2051 2:42:33
  Cert Expires in 9999 days
   Certificate Status: 0x10A
     0x2 - A key match issuer certificate has been found for this certificate
     0x8 - This certificate is self-signed
     0x100 - The certificate or chain has a preferred issuer.
  Self-signed certificate
ERR: Certificate verification would have failed for this connection
Error: ldap_sslinit failed with error: Error: (0x51) Cannot contact the LDAP server

Как создать правильно сертификат LDAPS SAMBA DC?

Роман Безруков, скопировал rootCA.crt в /etc/pki/ca-trust/source/anchors/
Перезапустил сервер. Теперь выдает такой ответ:

spoiler

[root@dc1 ~]# ldapsearch -d 1 -H ldaps://dc1.site1.ru:636
ldap_url_parse_ext(ldaps://dc1.site1.ru:636)
ldap_create
ldap_url_parse_ext(ldaps://dc1.site1.ru:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP dc1.site1.ru:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying fe80e9ae 636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.10.0.50:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect errno: 111
ldap_close_socket: 3
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Это он успешно подключился?

Как настроить переадресацию на другой DNS сервер?

Valentin Barbolin, Спасибо. Сделал вот так, пока работает.

_ldap._tcp.site.ru. 				IN SRV 0 0 389 dc1.site.ru.
_kerberos._tcp.site.ru. 			IN SRV 0 0 88 dc1.site.ru.
_ldap._tcp.dc._msdcs.site.ru. 		IN SRV 0 0 389 dc1.site.ru.
_kerberos._tcp.dc._msdcs.site.ru. 	IN SRV 0 0 88 dc1.site.ru.

Почему не пингуется шлюз cisco vlan?

Не помогло. Возможно какой то косяк в ios. Поставили 15 версию, все заработало. Всем спасибо

Почему не пингуется шлюз cisco vlan?

Маршрутизация

router eigrp 13
 redistribute static
 redistribute ospf 15 metric 10000 100 255 1 1500
 passive-interface default
 no passive-interface GigabitEthernet1/0/3
 no passive-interface GigabitEthernet1/0/9
 no passive-interface GigabitEthernet1/0/20
 no passive-interface GigabitEthernet1/0/26
 network 10.0.0.0
 network 85.86.87.0 0.0.0.255
 network 85.86.88.0 0.0.0.255
 network 85.86.89.0 0.0.0.255
 network 85.86.90.0 0.0.0.255
!
router ospf 15
 router-id 11.11.11.11
 log-adjacency-changes
 redistribute eigrp 13 subnets
 network 10.0.0.0 0.255.255.255 area 15
 network 85.86.87.0 0.0.0.255 area 15
 network 85.86.88.0 0.0.0.255 area 15
 network 85.86.89.0 0.0.0.255 area 15
 network 85.86.90.0 0.0.0.255 area 15
!
ip classless
ip route 0.0.0.0 0.0.0.0 85.86.87.254
ip route 0.0.0.0 0.0.0.0 Null0 250
ip route 0.0.0.0 255.0.0.0 Null0
ip route 85.86.87.0 255.255.255.0 Null0 250
ip route 85.86.87.65 255.255.255.255 85.86.87.66
ip route 85.86.87.154 255.255.255.255 85.86.87.153
ip route 85.86.87.158 255.255.255.255 85.86.87.156
ip route 85.86.87.162 255.255.255.255 85.86.87.160
ip route 85.86.87.165 255.255.255.255 85.86.87.164
ip route 85.86.88.0 255.255.255.0 Null0 250
ip route 127.0.0.0 255.0.0.0 Null0
ip route 195.88.62.20 255.255.255.255 85.86.89.253

Почему не пингуется шлюз cisco vlan?

Cisco 3750. Выше я написал как создал vlan. Может быть что то с маршрутизацией?

spoiler

gbit-gw#show vlan id 511

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
511  Servers-WhiteIp4                 active    Gi1/0/7

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
511  enet  100511     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

MAC адрес соответствует mac адресу PC1

gbit-gw#show mac address-table interface gi1/0/11
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0022.200c.7284    DYNAMIC     Gi1/0/11
Total Mac Addresses for this criterion: 1
gbit-gw#

gbit-gw#show interfaces gi1/0/11
GigabitEthernet1/0/11 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet, address is 001b.9083.cc0b (bia 001b.9083.cc0b)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported 
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 5w6d, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     506151 packets input, 61840950 bytes, 0 no buffer
     Received 29886 broadcasts (13497 multicasts)
     0 runts, 0 giants, 0 throttles
     8 input errors, 7 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 13497 multicast, 0 pause input
     0 input packets with dribble condition detected
     2517016 packets output, 2887148016 bytes, 0 underruns
     0 output errors, 0 collisions, 5 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
gbit-gw#

gbit-gw#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface

...
Internet  85.86.87.94            -   001b.9083.cc63  ARPA   Vlan511
...

gbit-gw#

---------------------------

gbit-gw#show vlan 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/4, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16, Gi1/0/19

... 
511  Servers-WhiteIp4                 active    Gi1/0/7
...

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
2    enet  100002     1500  -      -      -        -    -        0      0   
9    enet  100009     1500  -      -      -        -    -        0      0   
18   enet  100018     1500  -      -      -        -    -        0      0   
22   enet  100022     1500  -      -      -        -    -        0      0   
35   enet  100035     1500  -      -      -        -    -        0      0   
36   enet  100036     1500  -      -      -        -    -        0      0   
          
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
...
511  enet  100511     1500  -      -      -        -    -        0      0   
...

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

gbit-gw#

gbit-gw#show interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/3     on               802.1q         trunking      999
Gi1/0/8     on               802.1q         trunking      999
Gi1/0/9     on               802.1q         trunking      999
Gi1/0/17    on               802.1q         trunking      999
Gi1/0/23    on               802.1q         trunking      999
Gi1/0/24    on               802.1q         trunking      999
Gi1/0/25    on               802.1q         trunking      999
Gi1/0/27    on               802.1q         trunking      999
Gi1/0/28    on               802.1q         trunking      999

Port        Vlans allowed on trunk
Gi1/0/3     1,22,103,151-152,155-157,159,200-203,777
Gi1/0/8     950,1140,4010,4046
Gi1/0/9     22,187,197
Gi1/0/17    1,77,83,103
Gi1/0/23    1,9,22,35-37,67-69,100-101,156-157,159,224
Gi1/0/24    1,22,152,159,223
Gi1/0/25    1,22,44,56,159,203,220-221
Gi1/0/27    1,9,22,66-69,155,159,999
Gi1/0/28    1,77,83

Port        Vlans allowed and active in management domain
Gi1/0/3     1,22,103,151-152,155-157,159,200-203
Gi1/0/8     950,1140,4010,4046
Gi1/0/9     22,187,197
Gi1/0/17    1,77,83,103
Gi1/0/23    1,9,22,35-37,67-69,100-101,156-157,159,224
Gi1/0/24    1,22,152,159,223
Gi1/0/25    1,22,44,56,159,203,220-221
Gi1/0/27    1,9,22,67-69,155,159
Gi1/0/28    1,77,83

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/3     1,22,103,151-152,155-157,159,200-203
Gi1/0/8     950,1140,4010,4046
Gi1/0/9     22,187,197
Gi1/0/17    1,77,83,103
Gi1/0/23    1,9,22,35-37,67-69,100-101,156-157,159,224
Gi1/0/24    1,22,152,159,223
Gi1/0/25    1,22,44,56,159,203,220-221
Gi1/0/27    1,9,22,67-69,155,159
Gi1/0/28    1,77,83

Почему не пингуется шлюз cisco vlan?

Дмитрий, реальное оборудование

Как вывести Hyper-V из домена?

MaxKozlov,
Помогло, спасибо

Как вывести Hyper-V из домена?

MaxKozlov, Попробовал, все тоже самое

Как вывести Hyper-V из домена?

Роман Безруков, хотелось бы все таки восстановить его

Как вывести Hyper-V из домена?

Константин Цветков, да два пользователя Администратор и admin

Как настроить маршрутизация Linux (ProxMox VE)?

Сеть к сожалению не переделать. Я правильно понимаю, что нужно засунуть enp134s0f0np0 - 10.0.4.0/24 в еще один бридж например vmbr1? Или это ничего не даст?

Как исправить ошибку при обновлении Proxmox ve 7 to 8?

AUser0, Все верно.
Проделал еще раз из мануала с оф сайта. репозитории взял с сервака который уже обновил. В итоге не знаю, что из этого помогло но я обновился. Спасибо за помощь

Как исправить ошибку при обновлении Proxmox ve 7 to 8?

AUser0, Смотрел) не помогает, либо уже что то сломалось

Как исправить ошибку при обновлении Proxmox ve 7 to 8?

AUser0, та же самая ошибка.

Как исправить ошибку при обновлении Proxmox ve 7 to 8?

AUser0,
Обновляю так:

apt update -y
apt upgrade -y
apt dist-upgrade -y

Как подключить расшаренный принтер к компьютеру в домене?

Принтер расшарен так:
Скриншот:

spoiler

У всех пользователей есть права "Печать"
Скриншот:

spoiler

С компьютера в домене:
Доступа к компьютерам из рабочей группы WORKGROUP нет, вижу компьютеры которые подключены к домену.

Скриншоты:

spoiler