[Samba] access "claim types"
Stefan G. Weichinger
lists at xunil.at
Wed Feb 15 08:59:51 UTC 2023
Am 15.02.23 um 08:56 schrieb Andrew Bartlett:
> Claims are a Windows 2012R2 feature (currently being added to Samba's
> AD DC, but that isn't important for this) that are a new type of ACL
> element.
>
> Unlike translating user SIDs to names, which is done via the file
> server, I'm assuming from this message that the client is directly
> connecting to the AD DC over LDAP to get the list of claim types, for
> the GUI.
>
> Perhaps there is a simple connection failure direct to the DC?
Well, the server we see this warning on IS one of the DCs itself.
There is one DC with flaky behavior: no DNS replies from that server for
me on linux. Don't know if that server works for the windows world (I am
only the external admin for the file server and the backups running
there ...).
I edited the used DNS servers on the DC I test on to only use the "good
ones", still that warning.
Maybe that never worked, I don't use that ... I'll have to check that at
other customers, just to see.
Other seem to hit that as well, not mentioning samba:
https://superuser.com/questions/1749640/cant-adjust-special-permissions-unable-to-contact-active-directory-to-access
Maybe that feature needs some activation or configuration in AD initially?
--
I suggested a maintenance slot to get the permissions right for the
shares on the linux side. Just to fix the basics (although it sounds
scary to touch this on productive machines).
After that we'll see.
thanks so far
More information about the samba
mailing list