[Samba] Windows login problem to a Samba AD DC
tizo
tizone at gmail.com
Wed Nov 24 16:24:57 UTC 2021
> Where did you get the Samba packages from ? Out of the box the OS Samba
> packages cannot provision an AD domain.
>
My installation and configuration was a mix between
https://samba.tranquil.it/doc/en/samba_config_server/redhat8/server_install_samba_centos.html#server-install-samba-centos
and
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller.
So the packages were obtained from this repo:
https://samba.tranquil.it/redhat8/samba-4.15/, and I could complete the
provisioning process without problems.
>
> How did you provision the domain ?
>
More specifically:
samba-tool domain provision --realm=ADTEST.XX.XX.UY --domain ADTEST --server-role=dc --use-rfc2307
> Does the DC use itself as nameserver (and not 127.0.0.1) ?
>
At OS level? No, it wasn't. But I changed it now, rebooted the DC, rebooted the
Windows client, and the issue persists.
> What is in /etc/krb5.conf ?
>
[libdefaults]
    default_realm = ADTEST.XX.XX.UY
    dns_lookup_realm = false
    dns_lookup_kdc = true
[realms]
    ADTEST.XX.XX.UY = {
        default_domain = adtest.xx.xx.uy
    }
[domain_realm]
    smbtest = ADTEST.XX.XX.UY
> What is in your smb.conf ?
>
# Global parameters
[global]
    dns forwarder = 10.1.100.3
    netbios name = SMBTEST
    realm = ADTEST.XX.XX.UY
    server role = active directory domain controller
    workgroup = ADTEST
    idmap_ldb:use rfc2307 = yes
[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
[netlogon]
    path = /var/lib/samba/sysvol/adtest.xx.xx.uy/scripts
    read only = No