[Samba] Samba AD 4.8.3 Windows Server 2016 Active Directory Users and Computers: The procedure number is out of range

Thomas Glanzmann thomas at glanzmann.de
Wed Jul 18 15:25:51 UTC 2018 

Hello,
I try to connect with Active Directory Users and Computers from a
W2k16 to a Samba 4.8.3 DC. I get the following error message:

https://thomas.glanzmann.de/static/63a3e0ba-8a9d-11e8-891f-f3ff022aacb0/screenshot-x1-2018-07-18-17_12_49.png

---------------------------
Active Directory Domain Services
---------------------------
Naming information cannot be located because:

The procedure number is out of range.

Contact your system administrator to verify that your domain is properly configured and is currently online.
---------------------------
OK
---------------------------

In the logs with debug level 3 I don't see anything. My Samba Config and
setup script is here, my logs as well:

https://thomas.glanzmann.de/static/63a3e0ba-8a9d-11e8-891f-f3ff022aacb0/

But what I really would like to do is enable the following:

https://livelibrary.osisoft.com/LiveLibrary/content/en/vision-v1/GUID-799220A0-4967-45CE-A592-45E3FC10C752#addHistory=true&filename=GUID-4B33BAFA-A923-4550-B3DC-CAD83E3C0587.xml&docid=GUID-799220A0-4967-45CE-A592-45E3FC10C752&inner_id=&tid=&query=&scope=&resource=&toc=false&eventType=lcContent.loadDocGUID-799220A0-4967-45CE-A592-45E3FC10C752

Setup delegation for a machine account 'Trust this computer for
delegation to any service (Kerberos only)'. Is there a way to do this
from the command line? For the user account I think that, I found it:

(infra) [/local/samba-config/v101] / /local/samba/bin/samba-tool delegation for-any-protocol  -s /home/sithglan/work/scripts/lab/output/smb-v101.conf Administrator on
ldb_wrap open of secrets.ldb
(infra) [/local/samba-config/v101] / /local/samba/bin/samba-tool delegation for-any-service  -s /home/sithglan/work/scripts/lab/output/smb-v101.conf Administrator on
(infra) [/local/samba-config/v101] / /local/samba/bin/samba-tool delegation show -s /home/sithglan/work/scripts/lab/output/smb-v101.conf Administrator

Note, my goal is to run 9 different active directory domains in different
VLANs, so far I succeeded. And with samba my setup time went down from 10
minutes to 15 seconds. I'm setting up Active Directory Domains for training
environments on a regular basis (once a week).

I'm grateful for any pointers.

Cheers,
        Thomas

More information about the samba mailing list