[Samba] Active Directory Administrative Center cannot connect to an domain despite Workstation successfully joined the domain

samba-th at pfoertner-net.de samba-th at pfoertner-net.de
Sat Jan 25 09:29:13 UTC 2020 

Actually I was already afraid of that, though I did not manage to find
the link you mention.

But what is the alternative. I understand the wiki that way that to set
up shares using windows ACLs can only be done via Windows admin tools.
Options I see are:

 * Using "other tools" like older versions. Like Windows 7 or pre1809
Windows 10 with the downloaded version of RSAT. At least in terms of
security and maintenance this is far from ideal.
Is there is any knowledge, which setup works i.e. how far I have to go
back (and how? I am not sure what old installation sources I have around).

 * Using POSIX ACLs. This would require a separate samba installation as
this is not possible on the DC as I understand from the wiki. Besides
that it would require a system with a separate IP which would make my
setup more complicated. All my servers and daemons run in docker
containers on a single HW as it is only a very small home and tiny
office network.

Besides that I have two questions to the community:

 * Is there a plan when to end the situation that "Samba 4 does not yet
support" Active Directory Web Services?
 * I think it would be helpful to add some note to relevant pages in the
wiki like those on "Installing RSAT" and "Setting up a Share Using
Windows ACLs". For me this would have saved quite a couple of hours.

Am 24.01.2020 um 22:38 schrieb Jonathon Reinhart:
> As you've observed, both "Active Directory Administrative Center" and
> the AD module for Windows Powershell rely on Active Directory Web
> Services, which Samba 4 does not yet support.
>
> See https://www.spinics.net/lists/samba/msg126819.html
>
> On Fri, Jan 24, 2020 at 4:18 PM Thomas via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>
>     Hello,
>
>     I am trying to set up a new domain using Samba for the DC.
>
>     I followed two concepts, one was to use an existing docker
>     container for
>     that purpose (samba 4.3 on ubuntu 18.3), the other was to set it up
>     myself on a plain ubuntu image (Ubuntu 18.04.3 LTS, samba 4.7.6).
>
>     Thanks to the pretty good samba wiki I got the a promising point with
>     these things working well:
>      * DC up and running
>      * all checks found in the wiki and elsewhere passed, especially
>     about dns
>      * newly installed PC joined the domain (latest Windows 10, 19.10)
>      * login on the PC as domain administrator or any other domain user
>      * RSAT tools activated via optional features
>      * setting up new groups and users using "Active Directory Users and
>     Computers" from the windows PC
>      * "Group Policy Management" seems to work, but I did not really do
>     something here yet.
>      * same for "Active Directory Sites and Services"
>      * "DNS Manager" seems to work, however the forwarder that has
>     been set
>     up and is definitely working, is not listed
>
>     so far so good. Now I wanted to add a share to the server (target
>     is to
>     enable roaming profiles but this is not relevant yet). Preparations on
>     the server editing smb.conf are done and the rest should be done from
>     windows according to the wiki. And here start the problems:
>      * starting "Active Directory Administrative Center" gave a
>     warning that
>     it "Cannot connect to any domain" despite the machine is in the domain
>     and I have logged in as the domain administrator
>
>     What also puzzles me is that AD Module for Windows Power Shell starts
>     with a warning 'Unable to find a default server with Active Directory
>     Web Services running'. Some newer RSAT tools, like the "Administrative
>     Center" seem to be browser based. All others work find. But I did not
>     find AD Web Services mentioned anywhere in relation to samba.
>     Where is the problem or missing link? What can I do find out more
>     or get
>     closer to a solution?
>
>     regards
>     Thomas
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
Thomas Pförtner
Wallbergstraße 2
85635 Höhenkirchen
email: thomas at pfoertner-net.de <mailto:thomas at pfoertner-net.de>
PGP: signature download
<https://keyserver.ubuntu.com/pks/lookup?search=0xDE89A60B4B4FA5CF>
prv +49 8102 999470
büro +49 8102 8056 130
fax +49 8102 999472
mob +49 1577 8856 451

More information about the samba mailing list