[Samba] Unable to contact active directory or verify claim types
Rowland penny
rpenny at samba.org
Mon Feb 3 13:48:54 UTC 2020
On 03/02/2020 12:40, miguel medalha via samba wrote:
> I am using Samba as Active Directory Domain Controller as well as file
> server, serving a network of Windows clients.
It looks like you are saying that you are using the DC as a fileserver,
but you haven't shown any shares in your smb.conf (other than netlogon
and sysvol and these do not count).
>
>
>
> I recently upgraded a bunch of computers from Windows 7 to Windows 10
> release 1909. I just discovered that Under Windows 10, as a Domain Admin,
> when I try to add a new permission to a folder or file on Samba shares
> through the Advanced security tab I cannot do it because the box is grayed
> and contains the following message:
>
>
>
> "Unable to contact active directory or verify claim types"
There are numerous differences between Win 7 and 10, not least is SMBv1
being turned off by default (not that this should affect you, you have
it turned off as well), have you read this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> The 2 DCs are running Samba 4.8.12 (I know it's old but I could not upgrade
> yet due to hardware/software constraints). Dbcheck gives no errors,
> replication is working fine. DNS is working fine. I see no other problems on
> the network but this one.
>
> The smb.conf on the AD DCS
>
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN.TLD
> server role = active directory domain controller
> dns forwarder = x.x.x.x
> disable netbios = yes
> ntlm auth = no
> client ipc signing = mandatory
> server min protocol = SMB2_10
> client min protocol = SMB2_10
> client ipc min protocol = SMB2_10
> smb ports = 445
>
> [netlogon]
> path = /path/to/sysvol/scripts
> read only = no
> browsable = yes
>
> [sysvol]
> path = /path/to/sysvol/
> read only = no
> browsable = yes
>
> Any clues? Thank you.
>
Are you running anything else on the DC (sssd for instance) ?
Rowland
More information about the samba
mailing list