[Samba] Active Directory Administrative Center cannot connect to an domain despite Workstation successfully joined the domain

Yvan Masson yvan at masson-informatique.fr
Sat Jan 25 15:10:18 UTC 2020

Le 25/01/2020 à 10:29, Thomas via samba a écrit :
> Actually I was already afraid of that, though I did not manage to find
> the link you mention.
> But what is the alternative. I understand the wiki that way that to set
> up shares using windows ACLs can only be done via Windows admin tools.

I have never used it, but I suppose smbcacls (which is part of Samba) 
could do the job if you want to use Windows ACLs. This makes me think 
that it is strange it is not on the wiki: any reason for that?

> Options I see are:
>   * Using "other tools" like older versions. Like Windows 7 or pre1809
> Windows 10 with the downloaded version of RSAT. At least in terms of
> security and maintenance this is far from ideal.
> Is there is any knowledge, which setup works i.e. how far I have to go
> back (and how? I am not sure what old installation sources I have around).
>   * Using POSIX ACLs. This would require a separate samba installation as
> this is not possible on the DC as I understand from the wiki. Besides
> that it would require a system with a separate IP which would make my
> setup more complicated. All my servers and daemons run in docker
> containers on a single HW as it is only a very small home and tiny
> office network.
> Besides that I have two questions to the community:
>   * Is there a plan when to end the situation that "Samba 4 does not yet
> support" Active Directory Web Services?
>   * I think it would be helpful to add some note to relevant pages in the
> wiki like those on "Installing RSAT" and "Setting up a Share Using
> Windows ACLs". For me this would have saved quite a couple of hours.
> Am 24.01.2020 um 22:38 schrieb Jonathon Reinhart:
>> As you've observed, both "Active Directory Administrative Center" and
>> the AD module for Windows Powershell rely on Active Directory Web
>> Services, which Samba 4 does not yet support.
>> See https://www.spinics.net/lists/samba/msg126819.html
>> On Fri, Jan 24, 2020 at 4:18 PM Thomas via samba
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>      Hello,
>>      I am trying to set up a new domain using Samba for the DC.
>>      I followed two concepts, one was to use an existing docker
>>      container for
>>      that purpose (samba 4.3 on ubuntu 18.3), the other was to set it up
>>      myself on a plain ubuntu image (Ubuntu 18.04.3 LTS, samba 4.7.6).
>>      Thanks to the pretty good samba wiki I got the a promising point with
>>      these things working well:
>>       * DC up and running
>>       * all checks found in the wiki and elsewhere passed, especially
>>      about dns
>>       * newly installed PC joined the domain (latest Windows 10, 19.10)
>>       * login on the PC as domain administrator or any other domain user
>>       * RSAT tools activated via optional features
>>       * setting up new groups and users using "Active Directory Users and
>>      Computers" from the windows PC
>>       * "Group Policy Management" seems to work, but I did not really do
>>      something here yet.
>>       * same for "Active Directory Sites and Services"
>>       * "DNS Manager" seems to work, however the forwarder that has
>>      been set
>>      up and is definitely working, is not listed
>>      so far so good. Now I wanted to add a share to the server (target
>>      is to
>>      enable roaming profiles but this is not relevant yet). Preparations on
>>      the server editing smb.conf are done and the rest should be done from
>>      windows according to the wiki. And here start the problems:
>>       * starting "Active Directory Administrative Center" gave a
>>      warning that
>>      it "Cannot connect to any domain" despite the machine is in the domain
>>      and I have logged in as the domain administrator
>>      What also puzzles me is that AD Module for Windows Power Shell starts
>>      with a warning 'Unable to find a default server with Active Directory
>>      Web Services running'. Some newer RSAT tools, like the "Administrative
>>      Center" seem to be browser based. All others work find. But I did not
>>      find AD Web Services mentioned anywhere in relation to samba.
>>      Where is the problem or missing link? What can I do find out more
>>      or get
>>      closer to a solution?
>>      regards
>>      Thomas
>>      --
>>      To unsubscribe from this list go to the following URL and read the
>>      instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list