[Samba] Unable to contact active directory or verify claim types
miguel medalha
medalist at sapo.pt
Mon Feb 3 12:40:09 UTC 2020
I am using Samba as Active Directory Domain Controller as well as file
server, serving a network of Windows clients.
I recently upgraded a bunch of computers from Windows 7 to Windows 10
release 1909. I just discovered that Under Windows 10, as a Domain Admin,
when I try to add a new permission to a folder or file on Samba shares
through the Advanced security tab I cannot do it because the box is grayed
and contains the following message:
"Unable to contact active directory or verify claim types"
The basic permissions work without problems, only the Advanced ones have
this problem.
If I log on to a Windows 7 client with the same account, everything works
perfectly.
When I try the same on a file located in the local hard disk, the above
message does not appear but the box is also grayed out. Once again, it works
perfectly under Windows 7.
The 2 DCs are running Samba 4.8.12 (I know it's old but I could not upgrade
yet due to hardware/software constraints). Dbcheck gives no errors,
replication is working fine. DNS is working fine. I see no other problems on
the network but this one.
The smb.conf on the AD DCS
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.TLD
server role = active directory domain controller
dns forwarder = x.x.x.x
disable netbios = yes
ntlm auth = no
client ipc signing = mandatory
server min protocol = SMB2_10
client min protocol = SMB2_10
client ipc min protocol = SMB2_10
smb ports = 445
[netlogon]
path = /path/to/sysvol/scripts
read only = no
browsable = yes
[sysvol]
path = /path/to/sysvol/
read only = no
browsable = yes
Any clues? Thank you.
More information about the samba
mailing list