[Samba] Question about silos and Authentication policies
Stefan Kania
stefan at kania-online.de
Wed Oct 18 15:42:33 UTC 2023
I just installed Samba 4.19.1 (Sernet-packages). Here is my smb.conf on
my DC
-----------------
# Global parameters
[global]
ad dc functional level = 2016
netbios name = ADDC-01
realm = EXAMPLE.NET
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = EXAMPLE
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/example.net/scripts
read only = No
-----------------
I provisioned my DC with:
-----------
samba-tool domain provision --option="ad dc functional level = 2016"
--function-level=2016 --domain=example --realm=example.net
--host-ip=192.168.56.201 --backend-store=mdb --dns-backend=BIND9_DLZ
--adminpass=Gansgehe1m
-----------
Then I did:
---------
samba-tool domain schemaupgrade --schema=2019
samba-tool domain functionalprep --function-level=2016
samba-tool domain level raise --domain-level=2016 --forest-level=2016
---------
I joined a Windows 10 client. I can start ADUC sites-and-services
DNS-manager from RSAT. But if I try to start "Active Directory
Administrativ Center" to manage auth-policies and silos I getting the
message:
--------
It's not possible to get a connection to any domain
--------
So even if I had switch to FL 2016 I still can't manage auth-policies
and silos via Windows RSAT?
Or did I forget something?
More information about the samba
mailing list