[Samba] Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to

Andrzej Gryko andrzej.gryko at gmail.com
Wed Jul 25 07:06:32 UTC 2018 

 Avahi is not running.
My smb.conf:
# Global parameters
[global]
        netbios name = SAMBA
        realm = GRYKO.LOCAL
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
        workgroup = GRYKO
        server role = active directory domain controller

[netlogon]
        path = /var/lib/samba/sysvol/gryko.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

I didn't tell that I ran debian on Microsoft Hyper-V machine, I try to
connect to DC typing "gryko.local" as a domain in win 10 system properties,
and next typing username and password (also I type domainname\username and
password).

I installed two virtual machines and on both there is the same error in
log.samba.
I installed samba by: " *apt-get install samba smbclient bind9 krb5-user" *and
next I installed winbind by apt-get too*.*

my sysvol directory:
drwxrwx---+  3 root       3000000   4096 lip 22 17:28 sysvol

my scripts dir:
drwxrwx---+ 2 root 3000000 4096 lip 22 16:47 scripts

Regards
Andrzej


---------- Forwarded message ---------
From: Rowland Penny via samba <samba at lists.samba.org>
Date: wt., 24 lip 2018 o 23:05
Subject: Re: [Samba] Problem connecting to DC from windows 10. Failed to
create user record ... acl: unable to get access to ...
To: <samba at lists.samba.org>


On Tue, 24 Jul 2018 22:41:41 +0200
Andrzej Gryko via samba <samba at lists.samba.org> wrote:

>  Hi,
> Sorry for my english.
>
> I've got a problem configuring samba as DC on the newest Debian. While
> trying to login from windows 10, there is an error, it ask for name
> and password (when user and pass are incorrect, windows tells about
> it). In /var/log/samba/log.samba there is an entry:
> *Failed to create user record
> CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local: acl: unable to get
> access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local*
>
> gryko.local is my domain.

I take it that you didn't get the message that you shouldn't use
'.local' as it interferes with avahi, so if avahi is running, stop it.

How did you join the win10 machine to the domain ?

>
> smb.conf is generated by "samba-tool domain provision".

can you please post smb.conf

> While instaling samba, debian didn't install winbind, so I installed
> it manually.

Yes that is standard now.

> kinit administrator - works properly.
> smbclient -L localhost -U ... - properly

It looks like something isn't configured correctly, double
check everything.

Rowland

More information about the samba mailing list