[Samba] Samba AD 4.8.3 Windows Server 2016 Active Directory Users and Computers: The procedure number is out of range

Thomas Glanzmann thomas at glanzmann.de
Wed Jul 18 17:19:28 UTC 2018

Hello Rowland,

> > > time server = yes

> You DO NOT need it.

I read the manpage again and I think now I got it. So this is some
netbios time server thing. That I really don't need. I killed it.

> > > dns forwarder =

> This sounds like a recipe for disaster, how do get two dns servers to
> listen on port 53 and differentiate between them. Your clients should
> use the Samba DNS server for anything inside the domain and then the
> samba DNS server should forward anything outside the domain to an
> external dns server.

That's what is happening. I just have everything on one box. I both
specified in samba and in bind where they should listen on and lsof -P
-i -n confirms that they do what they're supposed to do.

> Yes I know you do, but you set the maximum password age in AD and you
> can do this with a GPO or samba-tool.

I see, I'll look it up and use samba-tool instead.

> Yes, stop disabling password ageing.

I only change a password when it is compromised. And the passwords in
the lab environment are all insecure.

> Yes the samba wiki, it is the only documentation I would recommend.

I see, I read a lot in the samba wiki, but missed the minimal samba
config for active directory.


More information about the samba mailing list