[Samba] access "claim types"

Stefan G. Weichinger lists at xunil.at
Wed Feb 15 08:59:51 UTC 2023

Am 15.02.23 um 08:56 schrieb Andrew Bartlett:

> Claims are a Windows 2012R2 feature (currently being added to Samba's
> AD DC, but that isn't important for this) that are a new type of ACL
> element.
> Unlike translating user SIDs to names, which is done via the file
> server, I'm assuming from this message that the client is directly
> connecting to the AD DC over LDAP to get the list of claim types, for
> the GUI.
> Perhaps there is a simple connection failure direct to the DC?

Well, the server we see this warning on IS one of the DCs itself.

There is one DC with flaky behavior: no DNS replies from that server for 
me on linux. Don't know if that server works for the windows world (I am 
only the external admin for the file server and the backups running 
there ...).

I edited the used DNS servers on the DC I test on to only use the "good 
ones", still that warning.

Maybe that never worked, I don't use that ... I'll have to check that at 
other customers, just to see.

Other seem to hit that as well, not mentioning samba:


Maybe that feature needs some activation or configuration in AD initially?


I suggested a maintenance slot to get the permissions right for the 
shares on the linux side. Just to fix the basics (although it sounds 
scary to touch this on productive machines).

After that we'll see.

thanks so far

More information about the samba mailing list