[Samba] Server is not operational messages when using Active Directory Users & Computers tool

Thu Apr 20 23:27:52 UTC 2023

I'm running Samba 4.17 from backports on a Debian 11 (Bullseye) VM. My 
Samba installation passes the tests in 
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Testing_your_Samba_AD_DC 
but I'm having trouble with communications between the DC VM and my 
Windows 10 client VM (both running on the same physical machine).

root at DC1:~# smbclient -L localhost -N
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        sysvol          Disk
        netlogon        Disk
        IPC$            IPC       IPC Service (Samba 4.17.7-Debian)
SMB1 disabled -- no workgroup available
root at DC1:~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Password for [HOME\Administrator]:
  .                                   D        0  Wed Apr  5 09:26:18 2023
  ..                                  D        0  Wed Apr  5 09:26:23 2023

                7093868 blocks of size 1024. 4931028 blocks available
root at DC1:~# exit
logout
garydale at DC1:~$ host -t SRV _ldap._tcp.home.rahim-dale.org
_ldap._tcp.home.rahim-dale.org has SRV record 0 100 389 
dc1.home.rahim-dale.org.
garydale at DC1:~$ host -t SRV _kerberos._udp.home.rahim-dale.org
_kerberos._udp.home.rahim-dale.org has SRV record 0 100 88 
dc1.home.rahim-dale.org.
garydale at DC1:~$ host -t A dc1.home.rahim-dale.org
dc1.home.rahim-dale.org has address 192.168.1.13
garydale at DC1:~$ kinit administrator
Password for administrator at HOME.RAHIM-DALE.ORG:
garydale at DC1:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administrator at HOME.RAHIM-DALE.ORG

Valid starting       Expires              Service principal
2023-04-20 18:34:29  2023-04-21 04:34:29 
krbtgt/HOME.RAHIM-DALE.ORG at HOME.RAHIM-DALE.ORG
        renew until 2023-04-21 18:34:23

On the Windows 10 VM, I am logged in as HOME\Administrator. I can ping 
DC1 (and dc1) from a command prompt. However when I start up  Active 
Directory Users & Computers I get a message "Naming information cannot 
be located for the following reason: The server is not operational". I 
get a similar message when I select "home.rahim-dale.org" from the 
change domain dialog. However I can connect to DC1 from the change 
domain controller dialog - I just have to type it in and I get back what 
appears to be a list of entities from the home.rahim-dale.org domain.

When I try to create a new user, I get a message "The specified domain 
either does not exist or could not be contacted". However the New Object 
- User dialogue opens and I can create one. But I get a message back 
about the server not being operational.... I can't actually create a new 
user this way.

When I try to connect as a new user I created using samba-tool, I get a 
message about the domain not being available. However, the user does 
show up in the list of entities in the home.rahim-dale.org domain (above).

Any ideas on what is going wrong?