Hello,
I have installed a samba-ad-dc and am trying to connect a Windows 10 laptop to the domain, but I receive the error “incorrect parameter”.
My settings:
Server with Tumbleweed (with XEN kernel): there I run NTP, DHCP and DNS (chroot with dynamic DNS)
The DNS manages the zone pce23.net and I have delegated a sub-zone adsam.pce23.net to another server (XEN VM)
VM:
Here I have a DNS (not chroot) to manage the zone adsam.pce23.net: the server name is vmsam.adsam.pce23.net
samba-ad-dc
ntp
Result of the Samba provision:
samba-tool domain provision --use-rfc2307 --realm=ADSAM.PCE23.NET --dns-backend=BIND9_DLZ --domain=ADSAM --server-role=dc --adminpass=xxxxxxx
...
Server Role: active directory domain controller
Hostname: vmsam
NETBIOS domain: ADSAM
DNS Domain: adsam.pc23.net
Domain SID: S-1-5-21-2478815240-34117533641-2979103045
/etc/samba/smb.conf
# Global parameters
[global]
netbios name = VMSAM
realm = ADSAM.PCE23.NET
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = ADSAM
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
# activate acl
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
log level = 3 passdb:5 auth:10 winbind:5
# max.protocol = NT1
[netlogon]
path = /var/lib/samba/sysvol/adsam.pce23.net/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
I have copied the samba krb5.conf to /etc, added the samba tkey-gssapi-keytab and the samba include in /etc/named.conf, changed the /etc/nsswitch.conf and started samba via “systemctl start samba-ad-dc” ==> Status is active (running)
Test DNS and SRV records
vmsam:/var/lib/samba # dig +short -t NS adsam.pce23.net
vmsam.adsam.pce23.net.
vmsam:/var/lib/samba # dig +short -t SRV _kerberos._udp.adsam.pce23.net
0 100 88 vmsam.adsam.pce23.net.
vmsam:/var/lib/samba # dig +short -t SRV _ldap._tcp.adsam.pce23.net
0 100 389 vmsam.adsam.pce23.net.
Windows 10 connection:
First I added a user “wphil” in Samba.
In Windows 10 I have the same user “wphil” with the same password.
- I set the domain ADSAM, user wphil and enter the password ==> incorrect parameter
- If I enter a non-existing domain I receive an error that the domain could not be reached or that the SRV record is missing ==> so domain ADSAM can be reached
- If I enter an invalid password I receive an error that the login/password could not be found ==> so the login is recognized :)
- If I use the administrator login and password the same error “incorrect parameter” occurs
In journalctl on the VM I have these messages:
May 21 09:30:09 vmsam smbd[4910]: [2018/05/21 09:30:09.362722, 0, pid=4910, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:4>
May 21 09:30:09 vmsam smbd[4910]: load_auth_module: can't find auth method samba4!
May 21 09:30:09 vmsam smbd[4910]: [2018/05/21 09:30:09.367178, 0, pid=4910, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:4>
May 21 09:30:09 vmsam smbd[4910]: load_auth_module: can't find auth method samba4!
May 21 09:30:09 vmsam smbd[4910]: [2018/05/21 09:30:09.444308, 0, pid=4910, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:4>
May 21 09:30:09 vmsam smbd[4910]: load_auth_module: can't find auth method samba4!
May 21 09:30:10 vmsam smbd[4911]: [2018/05/21 09:30:10.138949, 0, pid=4911, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:4>
May 21 09:30:10 vmsam smbd[4911]: load_auth_module: can't find auth method samba4!
May 21 09:30:10 vmsam smbd[4911]: [2018/05/21 09:30:10.209128, 0, pid=4911, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:4>
May 21 09:30:10 vmsam smbd[4911]: load_auth_module: can't find auth method samba4!
I tried to add “max.protocol = NT1” in smb.conf, but it seems not to be valid for AD:
May 21 09:42:22 vmsam samba[4319]: [2018/05/21 09:42:22.855009, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:42:22 vmsam samba[4319]: /usr/sbin/samba_kcc: Unknown parameter encountered: "max.protocol"
May 21 09:42:22 vmsam samba[4319]: [2018/05/21 09:42:22.855709, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:42:22 vmsam samba[4319]: /usr/sbin/samba_kcc: Ignoring unknown parameter "max.protocol"
May 21 09:42:22 vmsam samba[4319]: [2018/05/21 09:42:22.975187, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:42:22 vmsam samba[4319]: /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
May 21 09:47:23 vmsam samba[4319]: [2018/05/21 09:47:23.118807, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:47:23 vmsam samba[4319]: /usr/sbin/samba_kcc: Unknown parameter encountered: "max.protocol"
May 21 09:47:23 vmsam samba[4319]: [2018/05/21 09:47:23.120012, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:47:23 vmsam samba[4319]: /usr/sbin/samba_kcc: Ignoring unknown parameter "max.protocol"
May 21 09:47:23 vmsam samba[4319]: [2018/05/21 09:47:23.220939, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:47:23 vmsam samba[4319]: /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
Any hint?
Regards
Philippe
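
Added example, not part of the original post: a small Python triage helper for journal excerpts like the ones above. It pairs each Samba debug header line with the message line that follows it, collapses repeats per daemon and debug class, and lists the smb.conf parameters Samba reported as unknown. The sample lines are constructed in the shape of the post's logs, and the function names are hypothetical.

```python
import re

# Constructed sample, in the shape of the journal excerpts in the post above.
SAMPLE = """\
May 21 09:30:09 vmsam smbd[4910]: [2018/05/21 09:30:09.362722, 0, pid=4910, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:4>
May 21 09:30:09 vmsam smbd[4910]: load_auth_module: can't find auth method samba4!
May 21 09:30:10 vmsam smbd[4911]: [2018/05/21 09:30:10.138949, 0, pid=4911, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:4>
May 21 09:30:10 vmsam smbd[4911]: load_auth_module: can't find auth method samba4!
May 21 09:42:22 vmsam samba[4319]: [2018/05/21 09:42:22.855009, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:42:22 vmsam samba[4319]: /usr/sbin/samba_kcc: Unknown parameter encountered: "max.protocol"
May 21 09:42:22 vmsam samba[4319]: [2018/05/21 09:42:22.855709, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:42:22 vmsam samba[4319]: /usr/sbin/samba_kcc: Ignoring unknown parameter "max.protocol"
May 21 09:47:23 vmsam samba[4319]: [2018/05/21 09:47:23.118807, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
May 21 09:47:23 vmsam samba[4319]: /usr/sbin/samba_kcc: Unknown parameter encountered: "max.protocol"
"""

JOURNAL = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<unit>[\w.-]+)\[(?P<pid>\d+)\]: (?P<body>.*)$")
HEADER = re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d [\d:.]+), +(?P<level>\d+)(?P<rest>[^\]]*)\] \S+")
CLASS = re.compile(r"class=(\w+)")
UNKNOWN = re.compile(r'Unknown parameter encountered: "([^"]+)"')

def summarize(text):
    """Group messages by (daemon, debug class, message text), keeping count and time span."""
    groups = {}
    pending = {}  # (unit, pid) -> header fields waiting for their message line
    for line in text.splitlines():
        m = JOURNAL.match(line)
        if not m:
            continue
        proc = (m["unit"], m["pid"])
        h = HEADER.match(m["body"])
        if h:
            c = CLASS.search(h["rest"])
            pending[proc] = (h["ts"], int(h["level"]), c.group(1) if c else None)
            continue
        if proc not in pending:
            continue  # message line without a preceding header: skip it
        ts, level, cls = pending.pop(proc)
        g = groups.setdefault((m["unit"], cls, m["body"]),
                              {"count": 0, "level": level, "first": ts, "last": ts})
        g["count"] += 1
        g["last"] = ts
    return groups

def unknown_params(groups):
    """smb.conf parameter names reported as unknown, sorted and de-duplicated."""
    return sorted({p for (_, _, msg) in groups for p in UNKNOWN.findall(msg)})

if __name__ == "__main__":
    for (unit, cls, msg), g in summarize(SAMPLE).items():
        print(f'{g["count"]}x {unit} class={cls} {g["first"]} .. {g["last"]}  {msg}')
    print("unknown smb.conf parameters:", unknown_params(summarize(SAMPLE)))
```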