[Samba] Unable to contact active directory or verify claim types

miguel medalha medalist at sapo.pt
Mon Feb 3 12:40:09 UTC 2020


I am using Samba as Active Directory Domain Controller as well as file
server, serving a network of Windows clients.

 

I recently upgraded a bunch of computers from Windows 7 to Windows 10
release 1909. I just discovered that Under Windows 10,  as a Domain Admin,
when I try to add a new permission to a folder or file on Samba shares
through the Advanced security tab I cannot do it because the box is grayed
and contains the following message:

 

"Unable to contact active directory or verify claim types"

 

The basic permissions work without problems, only the Advanced ones have
this problem.

 

If I log on to a Windows 7 client with the same account, everything works
perfectly.

 

When I try the same on a file located in the local hard disk, the above
message does not appear but the box is also grayed out. Once again, it works
perfectly under Windows 7.

 

The 2 DCs are running Samba 4.8.12 (I know it's old but I could not upgrade
yet due to hardware/software constraints). Dbcheck gives no errors,
replication is working fine. DNS is working fine. I see no other problems on
the network but this one.

 

The smb.conf on the AD DCS

 

[global]

                workgroup = MYDOMAIN

                realm = MYDOMAIN.TLD

                server role = active directory domain controller

                dns forwarder = x.x.x.x

                disable netbios = yes

 

                ntlm auth = no

                client ipc signing = mandatory

 

                server min protocol = SMB2_10

                client min protocol = SMB2_10

                client ipc min protocol = SMB2_10

 

                smb ports = 445

 

[netlogon]

                path = /path/to/sysvol/scripts

                read only = no

                browsable = yes

 

[sysvol]

                path = /path/to/sysvol/

                read only = no

                browsable = yes

 

 

Any clues? Thank you.



More information about the samba mailing list