[Samba] Unable to contact active directory or verify claim types

miguel medalha medalist at sapo.pt
Mon Feb 3 12:40:09 UTC 2020

I am using Samba as Active Directory Domain Controller as well as file
server, serving a network of Windows clients.


I recently upgraded a bunch of computers from Windows 7 to Windows 10
release 1909. I just discovered that Under Windows 10,  as a Domain Admin,
when I try to add a new permission to a folder or file on Samba shares
through the Advanced security tab I cannot do it because the box is grayed
and contains the following message:


"Unable to contact active directory or verify claim types"


The basic permissions work without problems, only the Advanced ones have
this problem.


If I log on to a Windows 7 client with the same account, everything works


When I try the same on a file located in the local hard disk, the above
message does not appear but the box is also grayed out. Once again, it works
perfectly under Windows 7.


The 2 DCs are running Samba 4.8.12 (I know it's old but I could not upgrade
yet due to hardware/software constraints). Dbcheck gives no errors,
replication is working fine. DNS is working fine. I see no other problems on
the network but this one.


The smb.conf on the AD DCS



                workgroup = MYDOMAIN

                realm = MYDOMAIN.TLD

                server role = active directory domain controller

                dns forwarder = x.x.x.x

                disable netbios = yes


                ntlm auth = no

                client ipc signing = mandatory


                server min protocol = SMB2_10

                client min protocol = SMB2_10

                client ipc min protocol = SMB2_10


                smb ports = 445



                path = /path/to/sysvol/scripts

                read only = no

                browsable = yes



                path = /path/to/sysvol/

                read only = no

                browsable = yes



Any clues? Thank you.

More information about the samba mailing list