[Samba] Windows login problem to a Samba AD DC

Denis CARDON dcardon at tranquil.it
Wed Nov 24 17:09:41 UTC 2021


Hi Tizo,

On 24/11/2021 at 17:24, tizo via samba wrote:
>> Where did you get the Samba packages from ? Out of the box the OS Samba
>> packages cannot provision an AD domain.
>>
> 
> My installation and configuration was a mix between
> https://samba.tranquil.it/doc/en/samba_config_server/redhat8/server_install_samba_centos.html#server-install-samba-centos
> and
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller.
> So the packages were obtained from this repo:
> https://samba.tranquil.it/redhat8/samba-4.15/, and I could make the
> provision process without problem.

Sorry for the inconvenience. Actually it is not recommended to use a .0 
minor version in production unless you really know what you are doing. I 
have renamed the repo with a -testing suffix since it does not seem to 
be clear.

And in the documentation we don't refer to that version actually. The 
version that we have mostly in production is 4.14.10. I think you can 
downgrade your server without having to reinstall.

What specific feature of 4.15 are you looking for?

Denis

> 
> 
>>
>> How did you provision the domain ?
>>
> 
> More specifically:
> 
> samba-tool domain provision --realm=ADTEST.XX.XX.UY --domain ADTEST
> --server-role=dc --use-rfc2307
> 
> 
>> Does the DC use itself as nameserver (and not 127.0.0.1) ?
>>
> 
> At OS level? No, it wasn't. But I changed it now, rebooted the DC, rebooted the
> Windows client, and the issue persists.
> 
>> What is in /etc/krb5.conf ?
>>
> 
> [libdefaults]
> default_realm = ADTEST.XX.XX.UY
> dns_lookup_realm = false
> dns_lookup_kdc = true
> 
> [realms]
> ADTEST.XX.XX.UY = {
> default_domain = adtest.xx.xx.uy
> }
> 
> [domain_realm]
> smbtest = ADTEST.XX.XX.UY
> 
> 
>> What is in your smb.conf ?
>>
> 
> # Global parameters
> [global]
> dns forwarder = 10.1.100.3
> netbios name = SMBTEST
> realm = ADTEST.XX.XX.UY
> server role = active directory domain controller
> workgroup = ADTEST
> idmap_ldb:use rfc2307 = yes
> 
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> 
> [netlogon]
> path = /var/lib/samba/sysvol/adtest.xx.xx.uy/scripts
> read only = No
> 


