[Samba] Question about silos and Authentication policies

Stefan Kania stefan at kania-online.de
Wed Oct 18 15:42:33 UTC 2023

I just installed Samba 4.19.1 (Sernet-packages). Here is my smb.conf on 
my DC
# Global parameters
[global]
         ad dc functional level = 2016
         netbios name = ADDC-01
         realm = EXAMPLE.NET
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = EXAMPLE

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[netlogon]
         path = /var/lib/samba/sysvol/example.net/scripts
         read only = No

I provisioned my DC with:

samba-tool domain provision --option="ad dc functional level = 2016" \
    --function-level=2016 --domain=example --realm=example.net \
    --host-ip= --backend-store=mdb --dns-backend=BIND9_DLZ

Then I did:
samba-tool domain schemaupgrade --schema=2019
samba-tool domain functionalprep --function-level=2016
samba-tool domain level raise --domain-level=2016 --forest-level=2016

I joined a Windows 10 client. I can start ADUC, Sites and Services, and
DNS Manager from RSAT. But if I try to start "Active Directory
Administrative Center" to manage auth policies and silos, I am getting the
message:
It's not possible to get a connection to any domain
So even though I have switched to FL 2016, I still can't manage auth policies
and silos via Windows RSAT?

Or did I forget something?
